Lucene search
K

859 matches found

CNNVD
CNNVD
added 2025/10/30 12:0 a.m.6 views

Seeyon Zhiyuan OA Web Application System 安全漏洞

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A security vulnerability exists in Seeyon Zhiyuan OA Web Application System 7.0 SP1 and prior versions, which stems from improper encoding and parsing of parameters in thirdpartyController.do, whic...

9.3CVSS6.7AI score0.00602EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.11 views

PT-2025-44460

Name of the Vulnerable Software and Affected Versions Anheng Mingyu Operation and Maintenance Audit and Risk Control System versions prior to 2023-08-10 Description The software contains a server-side request forgery SSRF issue in the xmlrpc.sock handler. The system is susceptible to specially...

9.3CVSS6.9AI score0.0037EPSS
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2025/10/30 12:0 a.m.5 views

VulnCheck KEV: CVE-2023-7325

Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery SSRF vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix...

9.3CVSS5.9AI score0.0037EPSS
In wildExploits0References100
VulnCheck KEV
VulnCheck KEV
added 2025/10/30 12:0 a.m.13 views

VulnCheck KEV: CVE-2021-4461

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

9.3CVSS5.8AI score0.00602EPSS
In wildExploits0References119
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 8:54 a.m.5 views

Security Bulletin: CVE-2025-46801 - Pgpool-II Authentication Bypass

Summary Pgpool-II contains an authentication bypass vulnerability that can be exploited under certain conditions. If an attacker exploits the vulnerability they may be able to log in to the system as an arbitrary user, which could allow them to read or tamper with data in the database, and/or...

9.8CVSS8.8AI score0.26049EPSS
Exploits1Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/27 6:0 a.m.5 views

CVE-2025-11154 IDonate < 2.1.13 - Unauthenticated User Deletion

The IDonate WordPress plugin before 2.1.13 does not have authorisation and CSRF when deleting users via an action handler, allowing unauthenticated attackers to delete arbitrary users...

6.5AI score0.0013EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/24 9:16 p.m.11 views

CVE-2025-34293 GN4 Publishing System Insecure Direct Object Reference (IDOR) Information Disclosure

GN4 Publishing System versions prior to 2.6 contain an insecure direct object reference IDOR vulnerability via the API. Authenticated requests to the API's object endpoints allow an authenticated user to request arbitrary user IDs and receive sensitive account data for those users, including the...

8.6CVSS0.0038EPSS
Exploits0References4
NVD
NVD
added 2025/10/23 8:15 p.m.9 views

CVE-2025-57848

A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...

6.4CVSS0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/23 3:13 p.m.7 views

CVE-2025-62604

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...

7.5CVSS7AI score0.00387EPSS
Exploits1References1
NVD
NVD
added 2025/10/22 3:16 p.m.7 views

CVE-2025-62604

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...

7.5CVSS0.00387EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/22 3:3 p.m.11 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...

5.3CVSS0.00387EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/21 12:23 a.m.12 views

CVE-2025-56219

Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service DoS when an excessively large number of user accounts are created...

7.1CVSS6.7AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/15 2:55 p.m.7 views

CVE-2025-59428

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...

5.4CVSS6.8AI score0.00133EPSS
Exploits1References1
NVD
NVD
added 2025/10/14 3:16 p.m.9 views

CVE-2025-59428

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...

5.4CVSS0.00133EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/14 2:38 p.m.4 views

EUVD-2025-34207

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...

5.4CVSS6.3AI score0.00133EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/14 2:38 p.m.8 views

CVE-2025-59428 EspoCRM allows arbitrary user creation via stored SVG injection and CSRF

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...

5.4CVSS0.00133EPSS
Exploits1References1
CVE
CVE
added 2025/10/14 2:38 p.m.19 views

CVE-2025-59428

CVE-2025-59428 affects EspoCRM up to version 9.1.8. A combination of stored SVG injection and missing CSRF protection allows an attacker with Knowledge Base edit permissions to cause arbitrary user creation (including admin accounts) by luring an authenticated user to click a malicious SVG link t...

5.4CVSS6.4AI score0.00133EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/10/14 2:38 p.m.4 views

CVE-2025-59428 EspoCRM allows arbitrary user creation via stored SVG injection and CSRF

EspoCRM is an open source customer relationship management application. In versions before 9.1.9, a vulnerability allows arbitrary user creation, including administrative accounts, through a combination of stored SVG injection and lack of CSRF protection. An attacker with Knowledge Base edit...

5.4CVSS6.8AI score0.00133EPSS
Exploits1References3
OSV
OSV
added 2025/10/09 3:40 p.m.1 views

GHSA-99H5-PJCV-GR6V Better Auth: Unauthenticated API key creation through api-key plugin

Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...

8.6CVSS7.5AI score0.18012EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-5440

Malware in sbrugna...

7.5CVSS7.6AI score0.01024EPSS
Exploits0References3
Rows per page
Query Builder