
16 matches found

Snyk
added 2026/05/06 5:27 p.m. · 8 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Filestore API endpoints. An attacker can access files from other organizations without explicit permissions by issuing a single authenticated HTTP GET request while holding only minimal read privileg...

CVSS 6.8 · AI score 5.8 · EPSS 0.00236
Exploits: 0 · References: 2

ATTACKERKB
added 2026/04/30 1:18 p.m. · 4 views

CVE-2026-7163

A vulnerability in the assisted-service REST API, an optional Assisted Installer assisted-service component in the Multicluster Engine MCE, allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub...

CVSS 6.1 · AI score 5.7 · EPSS 0.00165
Exploits: 0 · References: 9

RedhatCVE
added 2025/12/26 7:5 p.m. · 5 views

CVE-2025-68938

A flaw was found in Gitea. An incorrect authorization allows an authenticated user with minimal privileges to delete project releases, causing a loss of availability of project assets and distribution history. Mitigation: Mitigation for this issue is either not available or the currently available...

CVSS 5.4 · AI score 5.9 · EPSS 0.00349
Exploits: 0 · References: 6

Cvelist
added 2025/12/16 6:7 p.m. · 30 views

CVE-2025-46296

An authorization bypass vulnerability in FileMaker Server Admin Console allowed administrator roles with minimal privileges to access administrative features such as viewing license details and downloading application logs. This vulnerability has been fully addressed in FileMaker Server 22.0.4...

EPSS 0.00142
Exploits: 0 · References: 1

GithubExploit
added 2025/04/14 3:11 p.m. · 337 views

Exploit for CVE-2025-32579

⚠️ CVE-2025-32579 - Critical RCE via Sync Posts Plugin WordPr...

CVSS 9.9 · AI score 9.9 · EPSS 0.00634
Exploits: 1

OSV
added 2023/02/14 4:15 a.m. · 3 views

CVE-2023-0019

In SAP GRC Process Control - versions GRCFNDA V1200, GRCFNDA V8100, GRCPINW V1100700, GRCPINW V1100731, GRCPINW V1200750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00534
Exploits: 0 · References: 2

Positive Technologies
added 2023/02/14 12:0 a.m. · 4 views

PT-2023-15951 · Sap · Sap Grc

Name of the Vulnerable Software and Affected Versions: SAP GRC Process Control versions GRCFND A V8100 through GRCFND A V1200; SAP GRC Process Control versions GRCPINW V1100 700 through GRCPINW V1200 750. Description: The issue allows an authenticated attacker with minimal privileges to access all...

CVSS 6.5 · AI score 6.3 · EPSS 0.00534
Exploits: 0 · References: 4

OSV
added 2021/12/14 6:15 p.m. · 5 views

CVE-2021-44043

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containi...

CVSS 5.4 · AI score 5.8 · EPSS 0.00455
Exploits: 0 · References: 2

CNNVD
added 2021/05/06 12:0 a.m. · 5 views

Hongdian H8922 Path Traversal Vulnerability

The Hongdian H8922 is a router from the Chinese company Hongdian. A path traversal vulnerability exists in the Hongdian H8922 3.0.5 devices. The vulnerability allows remote attackers to download any file from the device with minimal privileges...

CVSS 6.5 · AI score 7.2 · EPSS 0.13751
Exploits: 1 · References: 2

OSV
added 2020/03/06 7:15 p.m. · 3 views

CVE-2020-9458

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote authenticated users with minimal privileges to export submitted form data and settings via classrmformcontroller.php rmformexport...

CVSS 8.8 · AI score 5.8 · EPSS 0.02511
Exploits: 1 · References: 3

Prion
added 2020/03/06 7:15 p.m. · 13 views

Privilege escalation

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...

CVSS 6.5 · AI score 8.3 · EPSS 0.02533
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2020/03/06 6:49 p.m. · 19 views

CVE-2020-9455

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to send arbitrary emails on behalf of the site via classrmuserservices.php sendemailuserview...

AI score 4.6 · EPSS 0.01439
Exploits: 1 · References: 3

Symantec
added 2019/12/26 12:0 a.m. · 23 views

WordPress bbPress Members Only Plugin Cross Site Request Forgery Vulnerability

Description: The 'bbPress Members Only' Plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. The 'bbPress Members Only'...

AI score 6.8
Exploits: 0 · References: 3 · Affected Software: 1

Symantec
added 2019/12/18 12:0 a.m. · 28 views

PHP PEAR 'Archive_Tar' Multiple Security Vulnerabilities

Description: PEAR ArchiveTar is prone to multiple security vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the application, obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. PEAR ArchiveTar version...

AI score 0.1
Exploits: 0 · References: 2 · Affected Software: 2

Symantec
added 2019/12/02 12:0 a.m. · 15 views

Google Android System Component Multiple Security Vulnerabilities

Description: Google Android is prone to multiple security vulnerabilities. An attacker can leverage these issues to gain sensitive information, elevate privileges or execute arbitrary code in the context of a privileged process. Failed attacks may cause a denial-of-service condition. These issues...

AI score 0.9
Exploits: 0 · References: 1 · Affected Software: 1

Symantec
added 2003/05/13 12:0 a.m. · 20 views

IBM AIX Multiple Unspecified Security Vulnerabilities

Description: It has been reported that multiple security issues exist in the print sub-system of IBM AIX. These issues could lead to an attacker gaining unauthorized access to the host, and potentially elevated privileges. Technologies Affected: IBM AIX 4.3.0, IBM AIX 4.3.1, IBM AIX 4.3.2, IBM AIX 4.3...

AI score 1
Exploits: 0 · Affected Software: 1