Lucene search
K

212 matches found

CVE
CVE
added 2025/02/04 7:28 p.m.96 views

CVE-2025-24968

CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...

8.8CVSS6.8AI score0.00604EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/24 12:0 a.m.5 views

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to deficiencies in the authorization process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, add, or delete data...

5.5CVSS7.7AI score0.00187EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/01/23 5:15 p.m.42 views

CVE-2024-52330

ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates...

9.5CVSS0.00334EPSS
Exploits1References3
CVE
CVE
added 2025/01/21 11:44 a.m.44 views

CVE-2025-0615

CVE-2025-0615 affects Qualifio’s Wheel of Fortune. The vulnerability is an input validation issue in the Wheel of Fortune component that allows an attacker to insert a '+' into an email address to access the application and win prizes multiple times. Concrete details across sources confirm the af...

5.3CVSS5.2AI score0.00373EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.6 views

The vulnerability of the Woocommerce Product Design plugin of the WordPress content management system arises from incorrect restrictions on the path to the restricted catalog. This allows attackers to gain access to read, modify, or delete data.

The vulnerability of the Woocommerce Product Design plugin in the WordPress content management system is related to an incorrect restriction on the path to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete data...

8.6CVSS5.5AI score0.01296EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2024/12/12 2:15 a.m.2 views

CVE-2024-44243

A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system...

5.5CVSS5.8AI score0.00577EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/06 8:24 a.m.11 views

CVE-2024-9872 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...

5.4CVSS6.5AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.5 views

PT-2024-34176 · Qnap · Qnap Qts +1

Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025 QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025 Description: A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system...

2.1CVSS7.3AI score0.00574EPSS
Exploits0References3
Hacker One
Hacker One
added 2024/10/24 4:17 p.m.10 views

MTN Group: Admin Dashboard Access Leads to Updating Merchant Info

The application had a hidden registration endpoint that allowed an unauthorized user to sign up for an admin portal. This granted the user access to the admin dashboard, where they could view, edit, and delete information for registered merchants, cashiers, stations, and supervisors...

6.7AI score
Exploits0
OSV
OSV
added 2024/10/15 8:15 p.m.3 views

CVE-2024-21265

Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite component: Site Hierarchy Flows. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Site Hub. Successful...

8.1CVSS5.8AI score0.00435EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.3 views

Oracle BI Publisher 安全漏洞

Oracle BI Publisher is a reporting solution from Oracle Corporation USA that makes it easier and faster to create, manage and deliver all reports and documents than traditional reporting tools. A security vulnerability exists in Oracle BI Publisher versions 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. An...

7.6CVSS7.9AI score0.00426EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/09/04 7:12 p.m.2 views

flatpak: Access to files outside sandbox for apps using persistent= (--persist)

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the...

10CVSS7.3AI score0.01283EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.4 views

PT-2024-32870 · WordPress · Boostify Header Footer Builder

Name of the Vulnerable Software and Affected Versions: Boostify Header Footer Builder for Elementor plugin for WordPress versions up to, and including, 1.3.3 Description: The issue is related to unauthorized modification of data due to a missing capability check on the create bhf post function...

4.3CVSS6.7AI score0.00343EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/21 12:0 a.m.5 views

Sangoma cg6kwin2k.sys 安全漏洞

Sangoma cg6kwin2k.sys is a configuration program from Sangoma Canada. A security vulnerability exists in Sangoma cg6kwin2k.sys versions prior to 2.1.7.0, which stems from vulnerability to insufficient IOCTL access control, where by sending a specific IOCTL request, a user without administrator...

6.1CVSS6.2AI score0.00179EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.6 views

PT-2024-21879 · Planet · Planet Igs-4215-16T2S

Name of the Vulnerable Software and Affected Versions: Planet IGS-4215-16T2S version 1.305b210528 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that could allow a remote attacker to trick some authenticated users into performing actions in their session. This includes...

7.1CVSS7.4AI score0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.6 views

PT-2024-6681 · Mongodb · Mongodb Rust Driver

Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions prior to 2.8.2 Description: The issue is related to incorrect handling of syntactically incorrect structures, which may result in the construction of unintended server commands. This could lead to unexpected...

6.4CVSS7.1AI score0.00277EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.6 views

WordPress Plugin Categorify Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 7:15 p.m.4 views

CVE-2024-21917

A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a...

9.1CVSS5.8AI score0.00858EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/01/24 12:0 a.m.6 views

The vulnerability of the Outcome-Result sub-component of the Oracle Customer Interaction History component in the Oracle E-Business Suite system allows a malicious actor to gain access to read, modify, add, or delete data.

The vulnerability of the CRM User Management Framework component of the Oracle Customer Interaction History component within the Oracle E-Business Suite system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain access to read, modify...

6.4CVSS6.8AI score0.00361EPSS
Exploits0References4Affected Software2
RedHat Linux
RedHat Linux
added 2024/01/17 7:19 p.m.5 views

OpenJDK: incorrect handling of ZIP files with duplicate entries (8276123)

Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modificati...

7.5CVSS7.3AI score0.00775EPSS
Exploits0References5
Rows per page
Query Builder