Lucene search
+L

115 matches found

Vulnrichment
Vulnrichment
added 2026/02/25 1:32 p.m.7 views

CVE-2026-3186 feiyuchuixue sz-boot-parent Password Reset password default password

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS5.1AI score0.00222EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/25 1:32 p.m.3 views

CVE-2026-3186

A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default...

6.5CVSS6.2AI score0.00222EPSS
Exploits1References7
Veracode
Veracode
added 2026/02/12 5:5 a.m.7 views

Privilege Escalation

@cubejs-backend/server-core is vulnerable to Privilege Escalation. The vulnerability is due to improper authorization validation of specially crafted requests using a valid API token, which allows an attacker to escalate privileges beyond their intended access level...

7.7CVSS5.5AI score0.00352EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/22 3:16 p.m.4 views

CVE-2025-13928

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints...

7.5CVSS0.00712EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/01/22 1:34 p.m.7 views

CVE-2025-13928

Removed by vendor...

7.5CVSS6AI score0.00712EPSS
Exploits0
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.9 views

WordPress plugin Forminator Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.3CVSS6.3AI score0.00262EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.27 views

CVE-2025-1495

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

4.3CVSS6.2AI score0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/19 12:0 a.m.8 views

WordPress plugin Image Photo Gallery Final Tiles Grid 安全漏洞

...

5.4CVSS5.8AI score0.00251EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/12/13 12:0 a.m.5 views

WordPress plugin Employee Spotlight – Team Member Showcase & Meet the Team 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References5
CNVD
CNVD
added 2025/11/20 12:0 a.m.6 views

Apache OpenOffice Information Disclosure Vulnerability

Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An information disclosure vulnerability exists in Apache OpenOffice, which is caused due to a lack o...

5.3CVSS6.3AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.5 views

Microsoft Excel Information Leakage Vulnerability (CNVD-2026-00026)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information leakage vulnerability exists in Microsoft Excel, which is caused due to improper authorization validation. An attacker could exploit the vulnerability to obtain sensitive information...

5.5CVSS6.4AI score0.00579EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/14 12:0 a.m.6 views

Microsoft Nuance PowerScribe 360 Information Disclosure Vulnerability

Microsoft Nuance PowerScribe 360 is a medical image reporting system for speech recognition, report generation and workflow management in radiology. An information disclosure vulnerability exists in Microsoft Nuance PowerScribe 360, which is due to improper authorization validation. An attacker...

8.1CVSS6AI score0.00763EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.6 views

Dee Store 安全漏洞

Dee Store is an online shopping web application by the individual developer Dinuka Navaratna. A security vulnerability exists in Dee Store version 1.0, which stems from a lack of authorization validation and could allow a remote attacker to bypass privilege control by constructing a malicious...

7.5CVSS7.5AI score0.00341EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-13357

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-48059

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00246EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.5 views

BMC Control-M 安全漏洞

BMC Control-M is an application from BMC Corporation. Simplifies application and data workflow orchestration locally or as a service. A security vulnerability exists in BMC Control-M/Agent, which stems from improper ordering of AUTHORIZEDCTMIP validation, and can be exploited by an attacker to...

6.9CVSS6.7AI score0.00362EPSS
Exploits0References3
Drupal
Drupal
added 2025/09/03 12:0 a.m.11 views

Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105

This module enables you to connect a Drupal site to the Acquia DAM service, which syncs media from the third party service to the site. The module doesn't sufficiently validate authorization to a list of DAM assets currently synced to the website creating an access bypass vulnerability. This...

7.5CVSS5.4AI score0.0028EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/02 12:0 a.m.5 views

Delinea Secret Server 安全漏洞

Delinea Secret Server is a powerful PAM in the cloud or locally from Delinea USA. A security vulnerability exists in Delinea Secret Server version 11.7.49 and earlier, which stems from insufficient validation in the initial authorization event and could lead to distributed engine impersonation...

3.8CVSS6.6AI score0.00126EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 1:12 a.m.9 views

CVE-2022-32277

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to correctly validate authorization when submitting a request to change a user's contact details. NOTE: this is disputed by both the vendor and the original discoverer because it is a site-specific findin...

5.3CVSS6.8AI score0.00451EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:9 p.m.6 views

CVE-2012-2238

trytond 2.4: ModelView.button fails to validate authorization...

7.5CVSS6.7AI score0.01763EPSS
Exploits0References1
Rows per page
Query Builder