The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update others' bookings, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked them.
CWE-863
CVE-2022-0726
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
CVE-2022-0727
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
CVE-2022-0735
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
CVE-2022-0633
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate that a user has the required privileges to access a backup’s nonce identifier, which may allow any user with an account on the site (such as a subscriber) to download the most recent site & database backup.