Zammad Access Control Error Vulnerability
Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 contained an access control vulnerability. This vulnerability stemmed from improper access control practices, which could allow customers within a shared organization to see fields...
EUVD-2022-45961
Malicious code in bioql PyPI...
Missing Authorization
Liferay Portal is vulnerable to Missing Authorization. The vulnerability is due to improper access control due to authenticated users being able to modify the content of calendar portlet emails, allowing attackers to send phishing emails to other users in the same organization...
CVE-2025-43739
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent...
SUSE CVE-2025-3580
An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...
Grafana OSS Security Vulnerability
Grafana OSS is a visual dashboard in Grafana open source. A security vulnerability exists in Grafana OSS that stems from an access control issue in the DELETE /api/org/users/ endpoint that could cause an organization administrator to permanently delete the server administrator account...
PT-2025-7053 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip affected versions not specified Description: A weekly cron job in Zulip demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization,...
PT-2024-35320 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.5 Description: An improper access control issue exists due to a missing permission check in the "GET /v1/users/me/org" endpoint. The platform's role definitions restrict the Prompt Editor role to prompt management...
PT-2024-34599 · Lunary Ai · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.4 Description: An account takeover issue exists due to the exposure of password recovery tokens in API responses. When a user initiates the password reset process, the recovery token is included in the response of...
ManageEngine SupportCenter Plus < 11.0 Build 11025
The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 11.0 Build 11025. It is, therefore, affected by a vulnerability as referenced in the support-centercve-2022-42903 advisory. - Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to...
SUSE CVE-2014-3654
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)...
CVE-2022-42903
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...
Code injection
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list...
CVE-2022-42903
Summary: CVE-2022-42903 affects Zoho ManageEngine SupportCenter Plus up to version 11.0 Build 11024. The issue allows low-privileged users to view the organization users list, indicating an access-control exposure. Affected product/versions (per provided documents): Zoho ManageEngine SupportCente...
PT-2022-26654 · Zoho · Zoho Manageengine Supportcenter Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine SupportCenter Plus versions through 11024 Description: The issue allows low-privileged users to view the organization users list. Recommendations: For versions through 11024, update to a version that contains a fix for this...