Lucene search
K

15 matches found

Snyk
Snyk
added 2026/04/10 9:0 p.m.6 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 9:0 p.m.4 views

GHSA-W5FQ-8965-C969 Juju: CloudSpec method leaking cloud credentials

Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...

9.9CVSS5.6AI score0.00445EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/10 9:0 p.m.10 views

Juju: CloudSpec method leaking cloud credentials

Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...

9.9CVSS5.6AI score0.00445EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 8:18 a.m.4 views

CVE-2019-17070

The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...

6.1CVSS6.2AI score0.00941EPSS
Exploits0References1
Circl
Circl
added 2020/11/11 12:34 p.m.4 views

CVE-2020-17070

creationtimestamp| type| source ---|---|--- 2020-11-11 12:34:58+00:00| seen| https://t.me/cibsecurity/16146 2021-08-11 18:46:50+00:00| seen| https://t.me/truesecator/1993...

7.8CVSS7.4AI score0.00886EPSS
Exploits0References2
OSV
OSV
added 2020/11/11 7:15 a.m.2 views

CVE-2020-17070

Windows Update Medic Service Elevation of Privilege Vulnerability...

7.8CVSS7.1AI score0.00886EPSS
Exploits0References1
NVD
NVD
added 2020/11/11 7:15 a.m.20 views

CVE-2020-17070

Windows Update Medic Service Elevation of Privilege Vulnerability...

7.8CVSS8.4AI score0.00886EPSS
Exploits0References1
CVE
CVE
added 2020/11/11 6:48 a.m.89 views

CVE-2020-17070

The CVE-2020-17070 entry concerns the Windows Update Medic Service Elevation of Privilege vulnerability. The available documents identify a local, low-privilege elevation of privilege in the Windows Update Medic Service, with the NVD metrics showing local access, low attack complexity, and high i...

7.8CVSS8.1AI score0.00886EPSS
Exploits0References1Affected Software3
Cvelist
Cvelist
added 2020/11/11 6:48 a.m.22 views

CVE-2020-17070 Windows Update Medic Service Elevation of Privilege Vulnerability

...

7.8CVSS8.7AI score0.00886EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/11/10 12:0 a.m.78 views

KB4586786: Windows 10 Version 1903 and Windows 10 Version 1909 November 2020 Security Update

The Windows installation on the remote host is missing security update 4586781. It is, therefore, affected by multiple vulnerabilities. Please review the vendor advisory for more details. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from t...

10CVSS7.2AI score0.25285EPSS
Exploits4References57
Cvelist
Cvelist
added 2019/10/10 10:51 a.m.12 views

CVE-2019-17070

The liquid-speech-balloon aka LIQUID SPEECH BALLOON plugin before 1.0.7 for WordPress allows XSS with Internet Explorer...

6.1AI score0.00941EPSS
Exploits0References2
CVE
CVE
added 2019/10/10 10:51 a.m.75 views

CVE-2019-17070

CVE-2019-17070 affects the WordPress plugin liquid-speech-balloon (aka LIQUID SPEECH BALLOON) prior to version 1.0.7. The available documents describe a cross-site scripting (XSS) vulnerability (specifically with Internet Explorer) in this plugin. The root cause and specific vulnerable component/...

6.1CVSS6AI score0.00941EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/09/15 9:0 p.m.48 views

CVE-2018-17070

UNL-CMS 7.59 is affected by a CSRF vulnerability (CVE-2018-17070) that allows an attacker to update site settings via the URL path ?q=admin/config/system/site-information&render=overlay&render=overlay. The vulnerability is documented across multiple sources (NVD/CNVD entries) as CSRF that can mod...

6.5CVSS6.5AI score0.00506EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/01/29 7:0 p.m.5 views

CVE-2017-17070

...

Exploits0
CVE
CVE
added 2018/01/29 7:0 p.m.24 views

CVE-2017-17070

CVE-2017-17070 is rejected/not used; this CVE ID does not represent an active vulnerability entry.

7.3AI score
Exploits0
Rows per page
Query Builder