38 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2025-6862

Malicious code in bioql PyPI...

7.6 CVSS, 7.2 AI score, 0.0048 EPSS
Exploits 1, References 3
RedhatCVE
added 2025/05/23 12:3 a.m., 9 views

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

6.5 CVSS, 5.9 AI score, 0.00585 EPSS
Exploits 0, References 1
BDU FSTEC
added 2024/07/31 12:0 a.m., 6 views

The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge browsers allows a malicious actor to gain unauthorized access to limited functionality.

The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge is related to lack of access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...

5.5 CVSS, 7.1 AI score, 0.00494 EPSS
Exploits 0, References 9, Affected Software 5
Veracode
added 2024/04/08 6:29 a.m., 13 views

File Integrity Manipulation

psitransfer is vulnerable to File integrity Manipulation. The vulnerability is due to the lack of proper access controls or restrictions on the endpoint designed for uploading files, allowing an attacker with the file distribution ID to alter the files within that distribution...

7.1 AI score
Exploits 0
BDU FSTEC
added 2023/08/23 12:0 a.m., 8 views

The vulnerability of the Makves DCAP software lies in its lack of access control mechanisms, allowing attackers to bypass existing security restrictions.

The vulnerability of the Makves DCAP software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

8.6 CVSS, 5.5 AI score
Exploits 0, References 1, Affected Software 1
Prion
added 2023/03/28 7:15 p.m., 14 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

3.3 CVSS, 6.3 AI score, 0.00585 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2023/03/28 12:0 a.m., 7 views

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

6.5 CVSS, 6.3 AI score, 0.00585 EPSS
Exploits 0, References 1
Cvelist
added 2023/03/28 12:0 a.m., 34 views

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

6.5 CVSS, 6.4 AI score, 0.00585 EPSS
Exploits 0, References 1
Code423n4
added 2023/03/26 12:0 a.m., 6 views

Upgraded Q -> 2 from #179 [1679871876484]

Judge has assessed an item in Issue 179 as 2 risk. The relevant finding follows: L-14 Lack of access control in setVault function leave it vulnerable to frontrunning attack

6.9 AI score
Exploits 0
BDU FSTEC
added 2023/03/06 12:0 a.m., 6 views

The vulnerability of ShareFile’s software for working with content-related features, due to lack of access control mechanisms, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of software for working with ShareFile content is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

10 CVSS, 8 AI score, 0.53585 EPSS
Exploits 1, References 3, Affected Software 1
Zero Day Initiative
added 2023/01/18 12:0 a.m., 29 views

VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Operations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

4.9 CVSS, 3.3 AI score, 0.00795 EPSS
Exploits 0, References 1
Tenable Nessus
added 2021/12/13 12:0 a.m., 31 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...

8.8 CVSS, 6.4 AI score, 0.30496 EPSS
Exploits 0, References 21
Positive Technologies
added 2021/08/02 12:0 a.m., 3 views

PT-2021-16026 · WordPress · Wplms

Name of the Vulnerable Software and Affected Versions: The WP LMS – Best WordPress LMS Plugin versions 1.1.2 and earlier Description: The issue arises from the plugin's failure to properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Additionally, the lack ...

6.1 CVSS, 6 AI score, 0.00762 EPSS
Exploits 2, References 5
Code423n4
added 2021/06/03 12:0 a.m., 8 views

Possible DoS attack when creating Joins in Wand

Handle shw Vulnerability details Impact It is possible for an attacker to intendedly create a fake Join corresponding to a specific token beforehand to make Wand unable to deploy the actual Join, causing a DoS attack. Proof of Concept The address of Join corresponding to an underlying asset is...

6.8 AI score
Exploits 0
BDU FSTEC
added 2021/02/02 12:0 a.m., 4 views

The vulnerability of the Console component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.

The vulnerability of the Console component of the Oracle WebLogic Server application lies in its lack of access control mechanisms. Exploiting this vulnerability allows an attacker, operating remotely, to gain full control over the application using the HTTP protocol...

9 CVSS, 7.2 AI score, 0.70241 EPSS
Exploits 7, References 3, Affected Software 1
Hacker One
added 2020/11/04 6:35 p.m., 75 views

U.S. Dept Of Defense: Unauthorized access to admin panel of the Questionmark Perception system at https://██████████

Summary: Due to the lack of access control, an anonymous attacker can compromise the administrator account on the Questionmark Perception system. Description: By using the service description which is publicly accessible on the internet, and by bypassing the access control, an anonymous attacker can...

0.4 AI score
Exploits 0
ATTACKERKB
added 2020/10/09 12:0 a.m., 41 views

CVE-2020-26919

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attacker Value: 0...

9.8 CVSS, 9 AI score, 0.57195 EPSS
In wild, Exploits 0, References 2
BDU FSTEC
added 2020/05/21 12:0 a.m., 3 views

The vulnerability of the Outside In Filters component of the Oracle Software Development Kit (SDK), as well as the Oracle Text component of the Oracle Database Server database management system, allows a malicious individual to gain access to read, delete, and modify data, or to cause a service failure.

The vulnerability of the Outside In Filters component of the Oracle Software Development Kit SDK and the Oracle Text component of the Oracle Database Server system is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain read, delete, and modi...

7.5 CVSS, 6.9 AI score, 0.01154 EPSS
Exploits 0, References 3, Affected Software 2
BDU FSTEC
added 2020/05/15 12:0 a.m., 3 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain control over the application.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...

7 CVSS, 7.1 AI score, 0.00385 EPSS
Exploits 0, References 3, Affected Software 1
BDU FSTEC
added 2020/05/15 12:0 a.m., 4 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

6.5 CVSS, 6.8 AI score, 0.00368 EPSS
Exploits 0, References 3, Affected Software 1