Lucene search
K

10 matches found

Circl
Circl
added 11 hours ago4 views

CVE-2026-48370

creationtimestamp| type| source ---|---|--- 2026-07-15 05:08:02+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mqnxbgcyov2a 2026-07-15 05:08:50+00:00| seen| https://mastodon.social/users/hugovalters/statuses/116922259945417226...

7.8CVSS6.1AI score
Exploits0References2
Circl
Circl
added 2025/05/27 3:49 p.m.17 views

CVE-2025-48370

creationtimestamp| type| source ---|---|--- 2025-05-27 15:49:17+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17659 2025-05-27 15:55:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lq62fj35jmy2...

6.9CVSS4.8AI score0.00745EPSS
Exploits0References2
CVE
CVE
added 2025/05/27 3:27 p.m.65 views

CVE-2025-48370

CVE-2025-48370 affects the auth-js library (Supabase Auth). Before 2.69.1, functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require UUIDs for user-controlled inputs, enabling potential URL path traversal and invocation of the wrong API function. The issue ta...

6.9CVSS5.2AI score0.00745EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/27 3:27 p.m.12 views

CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

6.9CVSS5.2AI score0.00745EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/27 3:27 p.m.31 views

CVE-2025-48370 auth-js Vulnerable to Insecure Path Routing from Malformed User Input

auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the...

6.9CVSS0.00745EPSS
Exploits0References3
Circl
Circl
added 2023/05/09 7:43 a.m.5 views

CVE-2022-48370

creationtimestamp| type| source ---|---|--- 2023-05-09 07:43:31+00:00| seen| https://t.me/cibsecurity/63571...

5.5CVSS5.5AI score0.00089EPSS
Exploits0References1
NVD
NVD
added 2023/05/09 2:15 a.m.23 views

CVE-2022-48370

In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5CVSS5.3AI score0.00089EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/09 1:21 a.m.20 views

CVE-2022-48370

In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.5AI score0.00089EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/09 1:21 a.m.9 views

CVE-2022-48370

In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges...

5.3AI score0.00089EPSS
Exploits0References1
CVE
CVE
added 2023/05/09 1:21 a.m.54 views

CVE-2022-48370

CVE-2022-48370 describes a local information disclosure in the Unisoc dialer service due to a missing permission check. The vulnerability affects Unisoc chipsets’ dialer component and could allow access to sensitive data without extra execution privileges. No explicit affected version ranges or p...

5.5CVSS5.2AI score0.00089EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder