Lucene search
K

28 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6862

Malicious code in bioql PyPI...

7.6CVSS7.2AI score0.0048EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:3 a.m.9 views

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

6.5CVSS5.9AI score0.00585EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/31 12:0 a.m.8 views

The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge browsers allows a malicious actor to gain unauthorized access to limited functionality.

The vulnerability of the Fullscreen component in Google Chrome and Microsoft Edge is related to lack of access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to limited functionality...

5.5CVSS7.1AI score0.00494EPSS
Exploits0References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/08/23 12:0 a.m.9 views

The vulnerability of the Makves DCAP software lies in its lack of access control mechanisms, allowing attackers to bypass existing security restrictions.

The vulnerability of the Makves DCAP software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

8.6CVSS5.5AI score
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/28 7:15 p.m.15 views

Design/Logic Flaw

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

3.3CVSS6.3AI score0.00585EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/28 12:0 a.m.8 views

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

6.5CVSS6.3AI score0.00585EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/28 12:0 a.m.34 views

CVE-2022-24972

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which...

6.5CVSS6.4AI score0.00585EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/03/26 12:0 a.m.6 views

Upgraded Q -> 2 from #179 [1679871876484]

Judge has assessed an item in Issue 179 as 2 risk. The relevant finding follows: L-14 Lack of access control in setVault function leave it vulnerable to frontrunning attack --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2023/01/18 12:0 a.m.29 views

VMware vRealize Operations CaSA Improper Access Control Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware vRealize Operations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists with...

4.9CVSS3.3AI score0.00795EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2021/12/13 12:0 a.m.31 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (b299417a-5725-11ec-a587-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b299417a-5725-11ec-a587-001b217b3468 advisory. - Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4...

8.8CVSS6.4AI score0.35649EPSS
Exploits0References21
Code423n4
Code423n4
added 2021/06/03 12:0 a.m.8 views

Possible DoS attack when creating Joins in Wand

Handle shw Vulnerability details Impact It is possible for an attacker to intendedly create a fake Join corresponding to a specific token beforehand to make Wand unable to deploy the actual Join, causing a DoS attack. Proof of Concept The address of Join corresponding to an underlying asset is...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2020/11/04 6:35 p.m.75 views

U.S. Dept Of Defense: Unauthorized access to admin panel of the Questionmark Perception system at https://██████████

Summary: Due to the lack of access control, an anonymous attacker can compromise the administrator account on the Questionmark Perception system. Description: By using the service description which publicly accessible on the internet, and by bypassing the access control, an anonymous attacker can...

0.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/10/09 12:0 a.m.43 views

CVE-2020-26919

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

9.8CVSS9AI score0.57195EPSS
In wildExploits0References2
BDU FSTEC
BDU FSTEC
added 2020/05/21 12:0 a.m.6 views

The vulnerability of the Outside In Filters component of the Oracle Software Development Kit (SDK), as well as the Oracle Text component of the Oracle Database Server database management system, allows a malicious individual to gain access to read, delete, and modify data, or to cause a service failure.

The vulnerability of the Outside In Filters component of the Oracle Software Development Kit SDK and the Oracle Text component of the Oracle Database Server system is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain read, delete, and modi...

7.5CVSS6.9AI score0.01154EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/05/15 12:0 a.m.4 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain control over the application.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...

7CVSS7.1AI score0.00385EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/15 12:0 a.m.6 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to lack of access control. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...

6.5CVSS6.8AI score0.00368EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/05/13 12:0 a.m.5 views

The vulnerability of the Infrastructure component of the Oracle Financial Services Analytical Applications Infrastructure software for banking analytical systems, which allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.

The vulnerability of the Infrastructure component of the Oracle Financial Services Analytical Applications Infrastructure banking analytics system, a simulation-based modeling solution, is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain...

7.5CVSS7.1AI score0.01051EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/02/17 12:0 a.m.6 views

The vulnerability of the Message Display component of the Oracle Email Center software allows a malicious individual to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information.

The vulnerability of the Message Display component in the Oracle Email Center software lies in its lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to obtain unauthorized access to protected information usin...

8.2CVSS7.4AI score0.01314EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/01/27 12:0 a.m.6 views

Vulnerability of the Server component: The Information Schema of the MySQL Server database management system, which allows attackers to gain unauthorized access to protected information.

Vulnerability of the MySQL Server component: The information schema of the MySQL Server database management system is vulnerable due to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information using the HTTP protoc...

3.1CVSS6.3AI score0.01502EPSS
Exploits0References4Affected Software1
Openbugbounty
Openbugbounty
added 2020/01/23 10:31 a.m.9 views

brazil2018.voices.wooster.edu Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1073278 Security Researcher devl00p Helped patch 2974 vulnerabilities Received 10 Coordinated Disclosure badges Received 15 recommendations , a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...

0.4AI score
Exploits0
Rows per page
Query Builder