3977 matches found

Positive Technologies
added 2025/11/06 12:0 a.m. | 6 views

PT-2025-45212

Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation. This issue affects Advanced scrollbar: from n/a through = 1.1.8...

AI score: 7 | EPSS: 0.00295
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/06 12:0 a.m. | 4 views

PT-2025-45284

Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation. This issue affects Selling Commander for WooCommerce: from n/a through = 1.2.46...

AI score: 7 | EPSS: 0.00365
Exploits: 0 | References: 2

OSV
added 2025/11/04 7:17 p.m. | 3 views

CVE-2025-64322

Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files. This issue affects Agentforce Vibes Extension: before 3.3.0...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00187
Exploits: 0 | References: 1

GithubExploit
added 2025/11/04 4:35 a.m. | 261 views

poc

Filament Demo PoC — mass-assignment Purpose Minimal reprod...

AI score: 6.9
Exploits: 0

CVE
added 2025/11/03 3:14 p.m. | 14 views

CVE-2025-36091

CVE-2025-36091 affects IBM Cloud Pak for Business Automation Core components (25.0.0, 24.0.1, 24.0.0). Description and vendor advisories identify an ownership misassignment vulnerability (CWE-283: Unverified Ownership) that could allow an authenticated user to make dashboards inaccessible to legi...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00284
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/11/03 12:0 a.m. | 4 views

IBM Cloud Pak for Business Automation Security Vulnerability

IBM Cloud Pak for Business Automation is a suite of modular, integrated software components for any type of hybrid cloud environment, designed to accelerate business growth and improve operational efficiency by automating technologies that enable digital transformation of business processes. An...

CVSS: 4.3 | AI score: 7.1 | EPSS: 0.00284
Exploits: 0 | References: 1

AstraLinux
added 2025/11/01 10:54 a.m. | 5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments. A poorly implemented DisplayPort Alt Mode port partner may indicate that its pin assignment capabilities exceed the maximum value, DP_PIN_ASSIGN_F. In this case,...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.0017
Exploits: 0 | References: 3

Cvelist
added 2025/10/30 9:16 p.m. | 11 views

CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass

Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the enc parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a...

CVSS: 9.3 | EPSS: 0.00602
Exploits: 0 | References: 4

NVD
added 2025/10/28 12:15 p.m. | 7 views

CVE-2025-40055

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect(). user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL on this path to avoid a double free...

EPSS: 0.00207
Exploits: 0 | References: 8

Vulnrichment
added 2025/10/27 12:2 p.m. | 4 views

CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...

CVSS: 5.3 | AI score: 6.3 | EPSS: 0.00369
Exploits: 1 | References: 4

CVE
added 2025/10/27 12:2 p.m. | 15 views

CVE-2025-12270

CVE-2025-12270 affects LearnHouse, impacting the Student Assignment Submission Handler. The vulnerability resides in an unknown function within /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file, causing improper control of resource identifiers. Exploitation can be performed remotely; m...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00369
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2025/10/27 12:2 p.m. | 10 views

CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...

CVSS: 5.3 | EPSS: 0.00369
Exploits: 1 | References: 4

EUVD
added 2025/10/27 12:2 p.m. | 5 views

EUVD-2025-36164

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.00369
Exploits: 1 | References: 5

Positive Technologies
added 2025/10/27 12:0 a.m. | 7 views

PT-2025-43939

Name of the Vulnerable Software and Affected Versions: LearnHouse (affected versions not specified). Description: A flaw exists that results in improper control of resource identifiers. This issue is located within the Student Assignment Submission Handler component, specifically affecting an unknown...

CVSS: 7.5 | AI score: 4.4 | EPSS: 0.00369
Exploits: 1 | References: 7

RedhatCVE
added 2025/10/26 6:36 a.m. | 9 views

CVE-2025-6639

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00161
Exploits: 0 | References: 1

NVD
added 2025/10/25 6:15 a.m. | 7 views

CVE-2025-6680

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't...

CVSS: 4.3 | EPSS: 0.00195
Exploits: 0 | References: 2

NVD
added 2025/10/25 6:15 a.m. | 5 views

CVE-2025-6639

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS: 5.4 | EPSS: 0.00161
Exploits: 0 | References: 2

EUVD
added 2025/10/25 5:31 a.m. | 5 views

EUVD-2025-35911

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS: 5.4 | AI score: 5.1 | EPSS: 0.00161
Exploits: 0 | References: 3

Cvelist
added 2025/10/25 5:31 a.m. | 8 views

CVE-2025-6639 Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...

CVSS: 5.4 | EPSS: 0.00161
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/25 5:31 a.m. | 3 views

CVE-2025-6680 Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00195
Exploits: 0 | References: 2