Lucene search
K

3977 matches found

CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

UliCMS 安全漏洞

UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A security vulnerability exists in UliCMS version 2023.1, which stems from an improper bulk assignment in UserController that could lead to authentication bypa...

9.8CVSS6.8AI score0.00598EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51952

Name of the Vulnerable Software and Affected Versions UliCMS version 2023.1 Description An authentication bypass allows unauthenticated attackers to create administrative users. This is possible through mass assignment in the UserController by sending a crafted POST request to the ''index.php''...

9.8CVSS7AI score0.00598EPSS
Exploits1References7
Snyk
Snyk
added 2025/12/15 6:30 p.m.2 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the processing of ArgoCD Custom Resources. A namespace admin can gain elevated privileges and execute arbitrary workloads with root access on master nodes by crafting malicious custom resources after...

9.1CVSS7.5AI score0.0063EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203232

The Eyewear prescription form plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.0.1. This is due to missing authorization checks on the SubmitCatProductRequest AJAX action. This makes it possible for unauthenticated attackers to create arbitrary...

5.3CVSS5.6AI score0.00227EPSS
Exploits0References4
OSV
OSV
added 2025/12/04 4:16 p.m.6 views

AZL-71420 CVE-2025-40251 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devlratenodesdestroy The function devlratenodesdestroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific rateleafparentset or...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 3:31 p.m.4 views

CVE-2025-40231 vsock: fix lock inversion in vsock_assign_transport()

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsockassigntransport Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsocklinger is called. The issue was introduced by commit 687aa0c5581b "vsoc...

6.3AI score0.00173EPSS
Exploits0References10
Veracode
Veracode
added 2025/12/04 5:45 a.m.5 views

Insecure Direct Object Reference (IDOR)

com.liferay.portal, com.liferay.portal.impl is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter, which allows an attacker to assign an organization to a user acros...

5.3CVSS6.9AI score0.00243EPSS
Exploits0References6Affected Software1
Packet Storm News
Packet Storm News
added 2025/12/01 12:0 a.m.3 views

Physical ID-Transfer Attacks against Multi-Object Tracking Via Adversarial Trajectory

Multi-Object Tracking MOT is a critical task in computer vision, with applications ranging from surveillance systems to autonomous driving. However, threats to MOT algorithms have yet been widely studied. In particular, incorrect association between the tracked objects and their assigned IDs can...

6.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.5 views

PT-2025-48210

Name of the Vulnerable Software and Affected Versions VIPRE Advanced Security for PC affected versions not specified Description A local attacker can gain higher-level access on systems running VIPRE Advanced Security for PC. To exploit this, an attacker must first be able to run code with limite...

7.8CVSS7.6AI score0.00116EPSS
Exploits0References4
OSV
OSV
added 2025/11/25 6:12 p.m.2 views

GO-2025-4153 Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana

Grafana Incorrect Privilege Assignment vulnerability in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

10CVSS6.8AI score0.17293EPSS
Exploits1References7
Redos
Redos
added 2025/11/25 12:0 a.m.8 views

ROS-20251125-06

A vulnerability in the Moodle virtual learning environment is related to the disclosure of hidden group names to users, who have permission to create events in the calendar. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected...

6.5CVSS6.9AI score0.00246EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62401

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an...

5.4CVSS6AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/20 12:0 a.m.3 views

SOPlanning 安全漏洞

SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.55 that stems from an improper assignment of privileges in the User Management tab, which could result in elevated privileges...

8.8CVSS6.3AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2025/11/17 7:11 p.m.5 views

GO-2025-4125 Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack in github.com/rhobs/observability-operator

Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack in github.com/rhobs/observability-operator...

8.8CVSS6.6AI score0.00285EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/11/17 7:3 a.m.13 views

CVE-2025-64307

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...

7.1CVSS6.8AI score0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.2 views

CVE-2025-6325

Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through = 51.1.36...

9.8CVSS7AI score0.00395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.3 views

CVE-2025-60195

Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through = 4.2.1...

9.8CVSS5.9AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:33 p.m.5 views

CVE-2025-60243

Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through = 1.2.46...

9.8CVSS7AI score0.00365EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 5:32 p.m.6 views

CVE-2025-62034

Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...

8.8CVSS7AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/07 3:54 p.m.4 views

CVE-2025-49900

Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through = 1.1.8...

8.8CVSS7AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder