
63 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-5080

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.0259
Exploits 1 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-41525

Malicious code in bioql PyPI...

CVSS 9.2 | AI score 6.6 | EPSS 0.00432
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-39951

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.7 | EPSS 0.00582
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-33404

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00451
Exploits 0 | References 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-7794

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00298
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-2371

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 6.4 | EPSS 0.00397
Exploits 0 | References 3

CNNVD
added 2025/07/29 12:0 a.m. | 5 views

XORUX XorMon-NG Security Vulnerability

XORUX XorMon-NG is an infrastructure performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX XorMon-NG, which stems from improper access control of API endpoints and could lead to the disclosure of sensitive information...

CVSS 5.3 | AI score 6.2 | EPSS 0.06894
Exploits 2 | References 2

RedhatCVE
added 2025/05/25 12:18 a.m. | 15 views

CVE-2025-48695

An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user//role/ROLE/ admin access can be achieved...

CVSS 6.4 | AI score 7.3 | EPSS 0.00186
Exploits 0 | References 1

CVE
added 2025/05/23 12:0 a.m. | 69 views

CVE-2025-48695

CVE-2025-48695 affects CyberDAVA before 1.1.20. A privilege escalation flaw exists in the API endpoint /api/v2/users/user//role/ROLE/, where a low-privileged user can escalate to admin due to insufficient access control. The issue is reflected in multiple sources (NVD/CVE records) with a base sco...

CVSS 6.4 | AI score 6.7 | EPSS 0.00186
Exploits 0 | References 2

NVD
added 2025/04/18 4:15 p.m. | 22 views

CVE-2025-32796

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in Dify where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVSS 6.5 | EPSS 0.0035
Exploits 1 | References 2

Vulnrichment
added 2025/04/10 3:33 p.m. | 9 views

CVE-2025-24866 Unauthorized Access to User Activity Logs API by delegated granular administration roles

Mattermost versions 9.11.x <= 9.11.8 fail to enforce proper access controls on the /api/v4/audits endpoint, allowing users with delegated granular administration roles who lack access to Compliance Monitoring to retrieve User Activity Logs...

CVSS 2.7 | AI score 3.9 | EPSS 0.00259
Exploits 0 | References 1

Wallarm Lab
added 2025/03/31 12:25 p.m. | 9 views

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication (BOLA) and broken function-level authentication (BFLA), remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...

AI score 8.4
Exploits 0

Veracode
added 2025/03/17 5:44 p.m. | 14 views

Improper Authorization

Umbraco.Cms.Api.Management is vulnerable to improper access control. The vulnerability is due to insufficient API access restrictions, which allow low-privilege authenticated users to create and update data type information meant for higher-privilege users...

CVSS 4.3 | AI score 6.3 | EPSS 0.00298
Exploits 0 | References 5 | Affected Software 1

RedhatCVE
added 2025/03/14 9:8 a.m. | 9 views

CVE-2025-27601

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 | AI score 6.2 | EPSS 0.00298
Exploits 0 | References 1

NVD
added 2025/03/11 4:15 p.m. | 15 views

CVE-2025-27601

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 | EPSS 0.00298
Exploits 0 | References 3

Vulnrichment
added 2025/03/11 3:30 p.m. | 8 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 | AI score 4.4 | EPSS 0.00298
Exploits 0 | References 3

Cvelist
added 2025/03/11 3:30 p.m. | 20 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 | EPSS 0.00298
Exploits 0 | References 3

CVE
added 2025/03/11 3:30 p.m. | 92 views

CVE-2025-27601

CVE-2025-27601 concerns Umbraco in the API management package, where an improper API access control allows low-privilege authenticated users to create and update data type information restricted to settings-access users. Affected are Umbraco.Cms.Api.Management versions prior to 14.3.3 and 15.2.3....

CVSS 4.3 | AI score 4.4 | EPSS 0.00298
Exploits 0 | References 3 | Affected Software 1

OSV
added 2025/03/11 3:30 p.m. | 6 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 | AI score 6.1 | EPSS 0.00298
Exploits 0 | References 5

OSV
added 2025/03/11 3:27 p.m. | 6 views

GHSA-6FFG-MJG7-585X Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Impact: An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches: Will be patched in 14.3.3 and 15.2.3. Workarounds: None available...

CVSS 4.3 | AI score 6.4 | EPSS 0.00298
Exploits 0 | References 5