IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414
The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project met...
The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination...
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This a...
In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally use Ajax to update the displayed data via filter parameters. The views subsystem/module did not restrict access to the Ajax endpoi...
Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query.