Lucene search
K

30 matches found

EUVD
EUVD
added 2026/05/13 6:30 p.m.8 views

EUVD-2026-29965

An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-35062

An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS0.00248EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.9 views

CVE-2026-35062 iControl SOAP vulnerability

An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.24 views

PT-2026-40639

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An authenticated iControl SOAP user can obtain information regarding other accounts through a privilege assignment issue...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

saleor 授权问题漏洞

Saleor is an open-source interface software developed by Saleor Commerce. Versions of Saleor from 2.10.0 to 3.23.0a3, as well as versions before 3.22.47, 3.21.54, and 3.20.118, have issues with authorization vulnerabilities. These vulnerabilities stem from logical and authorization flaws in the...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.9 views

PT-2026-7727

Name of the Vulnerable Software and Affected Versions CIPPlanner CIPAce versions prior to 9.17 Description Issues in the My Account and User Management components allow for access escalation. A user with low privileges can gain access to other accounts by manipulating the client’s user ID to modi...

8.8CVSS5.4AI score0.00232EPSS
Exploits0References5
NVD
NVD
added 2026/01/27 8:16 p.m.8 views

CVE-2026-24858

An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0 through 7.0.15, FortiManager 7.6.0 through 7.6.5, FortiManager...

9.8CVSS0.85844EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/20 8:48 p.m.2 views

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

7.1CVSS5.5AI score0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:48 p.m.3 views

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

7.1CVSS5.4AI score0.00227EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/20 8:48 p.m.16 views

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

7.1CVSS0.00227EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Revive Adserver security vulnerability

Revive Adserver is a set of open-source advertising management systems developed by the Revive Adserver team. This system offers functions such as advertising placement, ad slot management, and data statistics. There is a security vulnerability in Revive Adserver; this vulnerability stems from an...

7.1CVSS7AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/08 12:0 a.m.3 views

Asseco InfoMedica 安全漏洞

Asseco InfoMedica is a comprehensive medical information management system from Asseco Poland. A security vulnerability exists in Asseco InfoMedica version 4.50.1 and prior to version 5.38.0, which stems from insufficient access control granularity and could lead to the acquisition of coded...

5.1CVSS6.2AI score0.00138EPSS
Exploits0References1
CNVD
CNVD
added 2025/11/24 12:0 a.m.6 views

Revive Adserver Missing Authorization Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...

7.1CVSS6.9AI score0.00281EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/21 7:37 p.m.5 views

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS6.9AI score0.00281EPSS
Exploits1References1
NVD
NVD
added 2025/11/20 8:16 p.m.4 views

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS0.00281EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/20 7:10 p.m.4 views

CVE-2025-52670

Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts...

7.1CVSS6.4AI score0.00281EPSS
Exploits1References1
CVE
CVE
added 2025/11/20 7:10 p.m.14 views

CVE-2025-52670

Revive Adserver is affected by an IDOR-style authorization flaw in the banner deletion workflow. Multiple sources (CNVD, Red Hat, EUVD, NVD/NVD mirrors, OSV, CVE lists, and the HackerOne report) describe a missing ownership check when deleting banners, allowing a user to delete banners owned by a...

7.1CVSS6.4AI score0.00281EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/08/30 6:21 p.m.6 views

CVE-2023-47799

Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the resulting export files are given to the account holders. They may contain images of other account holders because the...

7.5CVSS6.4AI score0.0038EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.7 views

PT-2025-34608 · Mahara · Mahara

Name of the Vulnerable Software and Affected Versions: Mahara versions prior to 22.10.4 Mahara versions 23.x prior to 23.04.4 Description: Mahara is susceptible to information disclosure when the experimental HTML bulk export feature is utilized through the administration interface or command-lin...

7.5CVSS6AI score0.0038EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.5 views

Schweitzer Engineering Laboratories多款产品 安全漏洞

Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software and more are products of Schweitzer Engineering Laboratories, Inc. of the U.S.A. Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software is a graphical, easy-to-use tool that helps users quickly and easily...

5.7CVSS6.6AI score0.00259EPSS
Exploits0References2
Rows per page
Query Builder