CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

OSV•added 2026/04/08 12:18 a.m.•1 views

GHSA-RFGH-63MG-8PWM pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions

Summary Several WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. Confirmed mismatches: - ADD user can reorder packages/files...

5.4CVSS6AI score0.00039EPSS

Exploits1References3

Github Security Blog•added 2026/03/18 7:49 p.m.•7 views

ApostropheCMS has Arbitrary File Write (Zip Slip / Path Traversal) in Import-Export Gzip Extraction

Reported: 2026-03-08 Status: patched and released in version 3.5.3 of @apostrophecms/import-export --- Product | Field | Value | |---|---| | Repository | apostrophecms/apostrophe monorepo | | Affected Package | @apostrophecms/import-export | | Affected File |...

9.9CVSS5.8AI score0.00099EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/05 12:32 a.m.•0 views

GHSA-6PX9-J4QR-XFJW pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

The editpackage function implements insufficient sanitization for the packfolder parameter. The current protection relies on a single-pass string replacement of "../", which can be bypassed using crafted recursive traversal sequences. Exploitation An authenticated user with MODIFY permission can...

7.1CVSS5.9AI score0.00022EPSS

Exploits1References3

Github Security Blog•added 2026/03/05 12:32 a.m.•5 views

pyLoad has an Arbitrary File Write via Path Traversal in edit_package()

7.1CVSS5.9AI score0.00022EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/03/05 12:0 a.m.•1 views

PT-2026-23442

Name of the Vulnerable Software and Affected Versions pyLoad versions 0.5.0b3.dev13 through 0.5.0b3.dev96 Description pyLoad contains a flaw in the edit package function where insufficient sanitization of the pack folder parameter allows for path traversal. The existing protection uses a single...

7.1CVSS5.9AI score0.00022EPSS

Exploits1References8

NVD•added 2025/12/17 10:16 p.m.•3 views

CVE-2025-68399

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting XSS vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...

5.4CVSS0.00027EPSS

Exploits1References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-25767

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00076EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-0230

Malicious code in bioql PyPI...

8.8CVSS7.4AI score0.00408EPSS

Exploits0References8

Veracode•added 2025/09/19 8:6 a.m.•1 views

Privilege Defined With Unsafe Actions

org.apache.cassandra, cassandra-all is vulnerable to Privilege Defined With Unsafe Actions. The vulnerability is due to unsafe actions on a system resource, which allow a user with MODIFY permission on all keyspaces to escalate privileges to superuser within an Apache Cassandra cluster...

8.8CVSS6.8AI score0.00076EPSS

Exploits0References3Affected Software1

OSV•added 2025/08/27 8:36 a.m.•3 views

BIT-CASSANDRA-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

8.8CVSS7.3AI score0.00076EPSS

Exploits0References2

OSV•added 2025/08/25 3:32 p.m.•0 views

GHSA-5C4F-PXMX-XCM4 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

8.8CVSS6.9AI score0.00076EPSS

Exploits0References3

OSV•added 2025/08/25 2:15 p.m.•2 views

AZL-66698 CVE-2025-26467 affecting package cassandra 5.0.0-2

8.8CVSS5.7AI score0.00076EPSS

Exploits0References1

OSV•added 2025/08/25 2:15 p.m.•0 views

AZL-66675 CVE-2025-26467 affecting package cassandra 4.0.10-1

8.8CVSS5.7AI score0.00076EPSS

Exploits0References1

Cvelist•added 2025/08/25 2:6 p.m.•7 views

CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

0.00076EPSS

Exploits0References1

Vulnrichment•added 2025/08/25 2:6 p.m.•1 views

CVE-2025-26467 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

7.3AI score0.00076EPSS

Exploits0References1

CVE•added 2025/08/25 2:6 p.m.•31 views

CVE-2025-26467

CVE-2025-26467 affects Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate to superuser via unsafe actions in a targeted cluster. Affected: 3.0.30, 3.11.17, 4.0.16, 4.1.7, 5.0.2. 4.0.16 remains affected because CVE-2025-23015 fix was incorrectly applied; upgrade to 4.0.1...

8.8CVSS7.1AI score0.00076EPSS

Exploits0References1Affected Software1

OSV•added 2025/02/06 7:9 a.m.•7 views

BIT-CASSANDRA-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

8.8CVSS8AI score0.00408EPSS

Exploits0References5

Veracode•added 2025/02/06 3:38 a.m.•11 views

Privilege Defined With Unsafe Actions

8.8CVSS6.9AI score0.00408EPSS

Exploits0References8Affected Software1

OSV•added 2025/02/04 12:30 p.m.•0 views

GHSA-WMCC-9VCH-JMX4 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions