643 matches found

Positive Technologies
added 2022/01/27 12:0 a.m. · 3 views

PT-2022-12233

Name of the Vulnerable Software and Affected Versions: Single Connect (affected versions not specified) Description: The issue is related to the lack of an authorization check in the log-monitor module, allowing a remote attacker to access the logging interface and potentially obtain sensitive...

5.3 CVSS · 6.1 AI score · 0.00993 EPSS
Exploits 0 · References 7
CNNVD
added 2022/01/27 12:0 a.m. · 5 views

Kron Single Connect Security Vulnerability

Kron Single Connect is a comprehensive Privileged Access Management (PAM) software suite from Kron Turkey. It is designed to create a flexible, centrally managed and layered defense security architecture against insider threats. A security vulnerability exists in Kron Single Connect, which stems fr...

5.3 CVSS · 5.9 AI score · 0.00993 EPSS
Exploits 0 · References 2
OSV
added 2022/01/17 1:15 p.m. · 3 views

CVE-2021-25025

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...

4.3 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits 2 · References 1
OSV
added 2021/12/27 11:15 a.m. · 2 views

CVE-2021-24988

The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprssdismissaddonnotice AJAX action missing authorisation and CSRF checks, allowing any authenticated...

5.4 CVSS · 6.1 AI score · 0.00292 EPSS
Exploits 2 · References 1
OSV
added 2021/12/13 11:15 a.m. · 3 views

CVE-2021-24836

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in users, such as subscribers, to update them...

4.3 CVSS · 5.8 AI score · 0.00347 EPSS
Exploits 2 · References 1
OSV
added 2021/11/10 4:15 p.m. · 1 view

CVE-2021-42062

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts...

4.3 CVSS · 6.4 AI score
Exploits 0 · References 2
OSV
added 2021/11/08 6:15 p.m. · 5 views

CVE-2021-24801

The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, due to the lack of sanitization in the Surveys' Title, this could also lead to Stored Cross-Site...

4.3 CVSS · 5.8 AI score · 0.00435 EPSS
Exploits 2 · References 1
OSV
added 2021/11/01 9:15 a.m. · 5 views

CVE-2018-25019

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndashassignmentprocessinit function, which could allow unauthenticated users to upload arbitrary files to the web server...

7.5 CVSS · 5.8 AI score · 0.01531 EPSS
Exploits 1 · References 2
RedHat Linux
added 2020/12/17 4:1 p.m. · 7 views

postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption...

6.5 CVSS · 7.1 AI score · 0.01183 EPSS
Exploits 0 · References 4
Positive Technologies
added 2020/12/09 12:0 a.m. · 4 views

PT-2020-16516 · Sap · Sap As Abap +1

Name of the Vulnerable Software and Affected Versions: SAP AS ABAP SAP Landscape Transformation versions 2011 1 620 through 2020 SAP S4 HANA SAP Landscape Transformation versions 101 through 105 Description: The issue allows a high privileged user to execute a RFC function module to which access...

7.6 CVSS · 7.4 AI score · 0.02162 EPSS
Exploits 2 · References 9
CNNVD
added 2020/11/17 12:0 a.m. · 6 views

Moodle Access Control Error Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an Access Control Error vulnerability that stems from a failure to adequately check a user's ability to enroll when...

7.5 CVSS · 6.4 AI score · 0.01895 EPSS
Exploits 0 · References 7
Cvelist
added 2020/11/10 4:17 p.m. · 30 views

CVE-2020-26818

SAP NetWeaver AS ABAP Web Dynpro, versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization,...

6.5 CVSS · 8.3 AI score · 0.0114 EPSS
Exploits 0 · References 2
OSV
added 2020/05/13 7:15 p.m. · 4 views

CVE-2020-1996

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log fil...

5.3 CVSS · 6.1 AI score · 0.00905 EPSS
Exploits 0 · References 1
OSV
added 2019/12/18 4:15 a.m. · 4 views

CVE-2019-15013

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a projec...

4.3 CVSS · 5.8 AI score · 0.0121 EPSS
Exploits 0 · References 1
CNVD
added 2019/12/04 12:0 a.m. · 2 views

Unspecified vulnerability in SAP Treasury and Risk Management

SAP Treasury and Risk Management (TRM) is a finance and risk management solution from SAP. The product is primarily used to analyze and optimize business processes in the area of corporate finance. A security vulnerability exists in SAP TRM, which stems from a lack of authorization checks in the...

8.8 CVSS · 6.8 AI score · 0.00887 EPSS
Exploits 0 · References 1
OSV
added 2019/08/14 3:15 p.m. · 3 views

CVE-2019-0349

SAP Kernel ABAP Debugger, versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.49, 7.53, 7.73, 7.75, 7.76, 7.77, allows a user to execute “Go to...

7.2 CVSS · 7.2 AI score · 0.01247 EPSS
Exploits 0 · References 2
OSV
added 2019/08/09 8:15 p.m. · 4 views

CVE-2018-20826

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check...

4.3 CVSS · 5.8 AI score · 0.00847 EPSS
Exploits 1 · References 1
Positive Technologies
added 2019/08/09 12:0 a.m. · 5 views

PT-2019-10264 · Atlassian · Jira

Name of the Vulnerable Software and Affected Versions: Jira versions prior to 7.12.3 Description: The issue is related to a missing authorization check in the inline-create rest resource, allowing authenticated remote attackers to set the reporter in issues. Recommendations: For versions prior to...

4.3 CVSS · 4.4 AI score · 0.00847 EPSS
Exploits 1 · References 4
OSV
added 2019/07/10 12:15 p.m. · 5 views

CVE-2019-10119

eQ-3 HomeMatic CCU2 devices before 2.41.8 and CCU3 devices before 3.43.16 use session IDs for authentication but lack authorization checks. An attacker can obtain a session ID via an invalid login attempt to the RemoteApi account, aka HMCCU-154. This leads to automatic login as admin...

9.8 CVSS · 7.3 AI score · 0.01956 EPSS
Exploits 0 · References 2
CNVD
added 2017/10/19 12:0 a.m. · 4 views

Juniper Networks Junos Space Man-in-the-Middle Attack Vulnerability

Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Networks Junos Space prior to version 17.1R1 tha...

8.1 CVSS · 7.6 AI score · 0.00917 EPSS
Exploits 0 · References 1