Security
Headlines
HeadlinesLatestCVEs

Search

lenovo warranty check/lookup | check warranty status | lenovo support us

Found 10000 results in 50 ms.

CVE-2021-25097

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication

CVE
#csrf#wordpress#auth
CVE-2022-2405

The WP Popup Builder WordPress plugin through 1.2.8 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup

CVE-2022-2369

The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action, allowing any logged in users, such as subscriber to view the Logs of the plugin

CVE-2023-46144

A download of code without integrity check vulnerability in PLCnext products allows an remote attacker with low privileges to compromise integrity on the affected engineering station and the connected devices.

CVE-2019-17675: Changeset 46477 – WordPress Trac

WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF.

CVE-2022-0268: Fixed XSS check not detecting escaped `&#58` · getgrav/grav@6f2fa93

Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.

CVE-2023-0307: fix: added missing check on password length · thorsten/phpMyFAQ@8beed2f

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

CVE-2022-34008: Download Free Antivirus Software | Get Complete PC Virus Protection

Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.

GHSA-7j55-28qq-676g: Missing Authorization in Jenkins Azure Credentials Plugin

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CoreDial sipXcom sipXopenfire 21.04 Remote Command Execution / Weak Permissionsundefined

CoreDial sipXcom sipXopenfire versions 21.04 and below suffer from XMPP message system command argument injection and insecure service file permissions that when chained together gives root.