29 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-12944

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00201 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-12952

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00165 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-12930

Malicious code in bioql PyPI...

4.3 CVSS · 5.1 AI score · 0.00128 EPSS
Exploits 1 · References 3

RedhatCVE
added 2025/05/23 2:57 a.m. · 1 view

CVE-2023-0967

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

6.5 CVSS · 6.6 AI score · 0.00165 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:57 a.m. · 2 views

CVE-2023-0959

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...

6.5 CVSS · 6.6 AI score · 0.00201 EPSS
Exploits 1 · References 1

The Hacker News
added 2023/07/31 12:30 p.m. · 19 views

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...

7.1 AI score
Exploits 0

NVD
added 2023/04/05 8:15 p.m. · 6 views

CVE-2023-0944

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...

4.3 CVSS · 4.6 AI score · 0.00128 EPSS
Exploits 1 · References 2

OSV
added 2023/04/05 8:15 p.m. · 10 views

CVE-2023-0959

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...

6.5 CVSS · 7.1 AI score
Exploits 0 · References 2

NVD
added 2023/04/05 8:15 p.m. · 9 views

CVE-2023-0967

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

6.5 CVSS · 6.3 AI score · 0.00165 EPSS
Exploits 1 · References 2

OSV
added 2023/04/05 8:15 p.m. · 10 views

CVE-2023-0967

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

6.5 CVSS · 6.7 AI score
Exploits 0 · References 2

NVD
added 2023/04/05 8:15 p.m. · 7 views

CVE-2023-0959

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...

6.5 CVSS · 6.4 AI score · 0.00201 EPSS
Exploits 1 · References 2

Prion
added 2023/04/05 8:15 p.m. · 11 views

Cross site request forgery (csrf)

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF...

4.3 CVSS · 6.4 AI score · 0.00201 EPSS
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/04/05 8:15 p.m. · 9 views

Code injection

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...

4 CVSS · 4.7 AI score · 0.00128 EPSS
Exploits 1 · References 2 · Affected Software 1

Prion
added 2023/04/05 8:15 p.m. · 10 views

Design/Logic Flaw

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

4 CVSS · 6.3 AI score · 0.00165 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/04/05 12:0 a.m. · 36 views

CVE-2023-0967

CVE-2023-0967 affects Bhima 1.27.0. An attacker authenticated with normal user permissions can view data that should be admin-only due to an IDOR-like permission validation flaw. All connected sources consistently describe Bhima 1.27.0 as vulnerable to improper permission checks that expose sensi...

6.5 CVSS · 6.2 AI score · 0.00165 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/04/05 12:0 a.m. · 39 views

CVE-2023-0944

CVE-2023-0944 affects Bhima 1.27.0. An authenticated user with regular permissions can perform an IDOR to update arbitrary user session data (e.g., username, email, password) due to improper permission validation for certain actions. The connected documents describe the vulnerability and impact b...

4.3 CVSS · 4.6 AI score · 0.00128 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2023/04/05 12:0 a.m. · 2 views

PT-2023-16643 · Bhima · Bhima

Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The issue allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable t...

6.5 CVSS · 7.1 AI score · 0.00201 EPSS
Exploits 1 · References 6

CNNVD
added 2023/04/05 12:0 a.m. · 2 views

Bhima security vulnerability

BHIMA is a free, open source accounting and hospital information management system HIMS open source from IMAWorldHealth.org in Congo. A security vulnerability exists in Bhima version 1.27.0 that stems from not properly validating a user's privileges for certain actions that the user can perform...

4.3 CVSS · 5 AI score · 0.00128 EPSS
Exploits 1 · References 3

Cvelist
added 2023/04/05 12:0 a.m. · 10 views

CVE-2023-0967

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...

6.5 AI score · 0.00165 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/04/05 12:0 a.m. · 3 views

CVE-2023-0944

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...

4.7 AI score · 0.00128 EPSS
Exploits 1 · References 2