Lucene search
+L

865 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.27 views

PT-2026-40726

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description The endpoint "/api/tag/getTag" is registered using only the model.CheckAuth middleware, missing the model.CheckAdminRole and model.CheckReadonly checks. This allows any authenticated user, including...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/11 12:0 a.m.15 views

Malicious code in briantreehttp (npm)

briantreehttp is a typosquatting package impersonating braintreehttp, the HTTP client library published by Braintree/PayPal. The package bundles the legitimate library source to appear functional while hiding a credential-theft payload in index1.js, which is executed at install time via the...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/07 8:20 a.m.20 views

CVE-2026-34458

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References1
NVD
NVD
added 2026/05/05 8:16 p.m.8 views

CVE-2026-34458

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS0.00251EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/01 12:0 a.m.10 views

Automotive Grade Linux app-framework-binder 访问控制错误漏洞

Automotive Grade Linux app-framework-binder is an application framework communication component from Automotive Grade Linux, Inc. An Access Control Error vulnerability exists in Automotive Grade Linux app-framework-binder version 19.90.0 and earlier, which stems from a lack of authentication on...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 7:16 a.m.5 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS0.0023EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 6:41 a.m.9 views

Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...

7.6CVSS6.3AI score0.0039EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 6:39 a.m.5 views

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...

9.8CVSS5.7AI score0.00173EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/04/17 9:39 p.m.16 views

CVE-2026-40474

CVE-2026-40474 - wger : In versions 2.5 and below, GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but uses WgerFormMixin (which enforces ownership checks) instead of the permission-enforcing mixin. Since GymConfig is a singleton without get_owner_object(), the permis...

7.6CVSS5.8AI score0.00333EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/16 1:35 a.m.4 views

GHSA-XPPV-4JRX-QF8M wger has Broken Access Control in Global Gym Configuration Update Endpoint

Summary wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...

7.6CVSS5.8AI score0.00333EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/16 1:35 a.m.7 views

wger has Broken Access Control in Global Gym Configuration Update Endpoint

Summary wger exposes a global configuration edit endpoint at /config/gym-config/edit implemented by GymConfigUpdateView. The view declares permissionrequired = 'config.changegymconfig' but does not enforce it because it inherits WgerFormMixin ownership-only checks instead of the project’s...

7.6CVSS5.8AI score0.00333EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/05 1:23 a.m.9 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS4.9AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/02/03 11:16 p.m.10 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS0.00136EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 11:16 p.m.6 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS5.5AI score0.00136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 10:12 p.m.3 views

CVE-2025-36033

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS4.9AI score0.00136EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 10:12 p.m.34 views

CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/03 10:12 p.m.4 views

CVE-2025-36033 IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary...

5.4CVSS5AI score0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 10:12 p.m.33 views

CVE-2025-36033

CVE-2025-36033 affects IBM Engineering Lifecycle Management - Global Configuration Management (Jazz Foundation) versions 7.0.3 with iFix017 and 7.1.0 with iFix004. The issue is a cross-site scripting vulnerability that allows an authenticated user to inject JavaScript into the Web UI, potentially...

5.4CVSS5AI score0.00136EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

IBM Engineering Lifecycle Management - Global Configuration Management 跨站脚本漏洞

IBM Engineering Lifecycle Management - Global Configuration Management is a configuration management software provided by IBM Corporation. Versions 7.0.3 to 7.0.3 Interim Fix 017 and 7.1.0 to 7.1.0 Interim Fix 004 of IBM Engineering Lifecycle Management - Global Configuration Management contain...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/27 6:59 a.m.8 views

Security Bulletin: IBM Engineering Lifecycle Management - Global Configuration Management is vulnerable to cross-site scripting

Summary Cross-site scripting vulnerability has been identified in IBM Engineering Lifecycle Management - Global Configuration Management. Vulnerability Details CVEID:CVE-2025-36033 DESCRIPTION: IBM Global Configuration Management is vulnerable to cross-site scripting. This vulnerability allows an...

5.4CVSS5.5AI score0.00136EPSS
Exploits0Affected Software1
Rows per page
Query Builder