Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.9 MEDIUM]
Quick.Cart version 6.7 stores user passwords in plaintext, allowing authenticated administrators to retrieve plaintext credentials through the user editing interface. This vulnerability poses a significant risk in multi-administrator environments where high-privileged users may abuse account access. No patch is currently available, and other versions may be similarly affected though unconfirmed.
Open redirect in web2py 2.27.1 and earlier allows unauthenticated remote attackers to redirect users to arbitrary websites via specially crafted URLs, potentially facilitating phishing attacks. The vulnerability requires user interaction to exploit and affects the application's integrity with network-accessible attack vectors. No patch is currently available.
Improper access controls in Wekan's REST API endpoint (models/boards.js) prior to version 8.21 allow authenticated users to modify resources they should not have permission to access. The vulnerability requires valid credentials but no user interaction, making it exploitable by any authenticated attacker with network access. Administrators should upgrade to version 8.21 or later to remediate this issue.
Tanium addressed an uncontrolled resource consumption vulnerability in Connect. [CVSS 4.3 MEDIUM]
Tanium addressed an improper access controls vulnerability in Reputation. [CVSS 4.3 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an improper access controls vulnerability in Deploy. [CVSS 4.3 MEDIUM]
Tanium addressed an improper access controls vulnerability in Patch. [CVSS 4.3 MEDIUM]
The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pm_deactivate_user_from_group() function in all versions up to, and including, 5.9.7.2. [CVSS 4.3 MEDIUM]
WeKan versions up to 8.20 contain an authorization bypass in the position history tracking functionality that allows authenticated remote attackers to access sensitive information without proper permissions. The vulnerability exists in the server/methods/positionHistory.js file and can be exploited by any user with login credentials. Upgrading to version 8.21 or later resolves this issue.
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]
Tanium addressed an information disclosure vulnerability in Threat Response. [CVSS 4.3 MEDIUM]