Lucene search
K

305 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/19 8:47 p.m.5 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.4AI score0.00196EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/13 1:13 a.m.5 views

CVE-2026-0497 Missing Authorization check in Business Server Pages Application (Product Designer Web UI)

SAP Product Designer Web UI of Business Server Pages allows authenticated non-administrative users to access non-sensitive information. This results in a low impact on confidentiality, with no impact on integrity or availability of the application...

4.3CVSS6.1AI score0.00195EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 1:52 a.m.14 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

8.4CVSS6.6AI score0.00097EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/18 12:34 a.m.4 views

EUVD-2025-204000

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

8.4CVSS6.1AI score0.00097EPSS
Exploits0References2
NVD
NVD
added 2025/12/17 10:16 p.m.4 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

8.4CVSS0.00097EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 10:16 p.m.4 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

6.1CVSS5.8AI score0.00097EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/04 5:16 p.m.7 views

CVE-2025-20386

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine...

8CVSS6.8AI score0.00488EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/27 6:30 p.m.5 views

EUVD-2025-199830

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

6.4AI score0.00326EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/27 3:30 p.m.5 views

CVE-2025-13765

Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...

6.5AI score0.00326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/21 7:37 p.m.6 views

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3CVSS5AI score0.00307EPSS
Exploits1References1
OSV
OSV
added 2025/11/21 7:15 a.m.7 views

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...

5.3CVSS5.5AI score0.00203EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/21 6:17 a.m.11 views

CVE-2025-62189

LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create a new user account by sending a crafted HTTP request...

5.3CVSS0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 6:17 a.m.7 views

EUVD-2025-198423

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...

6.8CVSS6.2AI score0.00106EPSS
Exploits0References5
CVE
CVE
added 2025/11/21 6:17 a.m.11 views

CVE-2025-58097

CVE-2025-58097 concerns LogStare Collector where the installation directory has incorrect access permissions. The issue allows a non-administrative user to manipulate files in the installation path and execution of arbitrary code with administrative privileges (local attack). The CVSS metrics ind...

7.8CVSS7.4AI score0.00106EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/21 6:17 a.m.5 views

CVE-2025-58097

The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...

6.8CVSS6.2AI score0.00106EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/20 7:10 p.m.8 views

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3CVSS0.00307EPSS
Exploits1References1
OSV
OSV
added 2025/11/20 7:10 p.m.5 views

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

4.3CVSS6.8AI score0.00307EPSS
Exploits1References3
OSV
OSV
added 2025/11/20 7:10 p.m.4 views

CVE-2025-52669

Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on the system...

4.3CVSS6.7AI score0.00252EPSS
Exploits1References3
CVE
CVE
added 2025/11/20 7:10 p.m.9 views

CVE-2025-52671

CVE-2025-52671 describes an information-disclosure vulnerability in Revive Adserver where SQL error messages reveal debugging details, enabling non-admin users to learn software, PHP, and database versions. Connected sources (CNVD, RH, EUVD, NVD, OSV, CVE/CVEList, and a HackerOne report) consiste...

4.3CVSS6.4AI score0.00307EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/18 5:42 p.m.10 views

XWiki AdminTools application doesn't set permissions on the AdminTools space

Impact Users without admin rights have access to AdminTools.SpammedPages. Details View rights are not restricted only to admin users for AdminTools.SpammedPages. While no data is visible to non admin users, the page is still accessible. Workarounds Set the view rights for the AdminTools space to ...

5.3CVSS6.9AI score0.00207EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder