
28 matches found

NVD
added 2026/04/14 6:16 p.m. · 2 views

CVE-2026-24906

October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...

CVSS 5.4 · EPSS 0.00252
Exploits 0 · References 1
Snyk
added 2026/01/09 6:12 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the stylesheet input in the backend configuration forms. An attacker can execute arbitrary scripts in the context of other users by injecting malicious HTML or JavaScript through the editor settings. This ca...

CVSS 8.4 · AI score 5.5 · EPSS 0.00183
Exploits 0 · References 2
Snyk
added 2025/12/22 8:08 p.m. · 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of the serviceAccount path in the HashiCorp Vault authentication process. An attacker can access and exfiltrate arbitrary files from the node's filesystem by creating or modifying a...

CVSS 8.2 · AI score 7.8 · EPSS 0.00433
Exploits 0 · References 3
CNVD
added 2025/12/19 12:00 a.m. · 3 views

Apple macOS Tahoe Insufficient Privilege Restriction Vulnerability

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...

CVSS 5.5 · AI score 6.5 · EPSS 0.00112
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-1407

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.01195
Exploits 0 · References 6
OSV
added 2025/05/28 5:43 p.m. · 4 views

DRUPAL-CONTRIB-2025-071

The "Simple Klaro" module adds the "Klaro! A Simple Consent Manager" to your website and allows you to configure it according to your needs in the Drupal backend. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for the permission to be...

CVSS 8.8 · AI score 6.1 · EPSS 0.00225
Exploits 0 · References 1
Vulnrichment
added 2024/08/22 6:39 a.m. · 13 views

CVE-2024-8071 System Role with edit access to permissions can elevate themselves to system admin

Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin, which allows a System Role with edit access to the permissions section of the system console to update their role (e.g. member) to include the manage_system...

CVSS 4.7 · AI score 6.9 · EPSS 0.00344
Exploits 0 · References 1
Github Security Blog
added 2024/05/29 6:40 p.m. · 34 views

Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Impact. What kind of vulnerability is it? Who is impacted? A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view /extras/dynamic-groups// and/or the members REST API view /api/extras/dynamic-groups//members/ to list the...

CVSS 6.5 · AI score 6.5 · EPSS 0.00398
Exploits 0 · References 8 · Affected Software 1
Prion
added 2023/05/26 10:15 p.m. · 18 views

Command injection

NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an...

CVSS 6.5 · AI score 8.9 · EPSS 0.03344
Exploits 1 · References 5 · Affected Software 1
UbuntuCve
added 2023/05/03 12:15 a.m. · 27 views

CVE-2023-2459

Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5 · AI score 6.8 · EPSS 0.00968
Exploits 0 · References 5
Positive Technologies
added 2022/09/21 12:00 a.m. · 5 views

PT-2022-25760 · Jenkins · Jenkins Worksoft Execution Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Worksoft Execution Manager Plugin versions 10.0.3.503 and earlier. Description: A cross-site request forgery (CSRF) vulnerability allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs, capturin...

CVSS 8.8 · AI score 8.6 · EPSS 0.00436
Exploits 0 · References 6
Prion
added 2022/07/14 6:15 p.m. · 21 views

Design/Logic Flaw

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels...

CVSS 4 · AI score 4.6 · EPSS 0.00501
Exploits 0 · References 1 · Affected Software 1
CVE
added 2022/07/14 5:25 p.m. · 73 views

CVE-2022-2408

Mattermost CVE-2022-2408 affects version 6.7.0 and earlier. The Guest account feature fails to properly restrict permissions, allowing a guest to fetch a list of all public channels in a team even if not a member of those channels. Root cause is a permission-check issue within the Guest feature. ...

CVSS 4.3 · AI score 4.5 · EPSS 0.00501
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/04/18 12:00 a.m. · 5 views

PT-2022-18870 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.6; MediaWiki versions 1.36.x prior to 1.36.4; MediaWiki versions 1.37.x prior to 1.37.2. Description: An issue was discovered in MediaWiki where users with the editinterface permission can trigger infinite...

CVSS 9.8 · AI score 5.8 · EPSS 0.0182
Exploits 6 · References 56
CNVD
added 2022/01/06 12:00 a.m. · 18 views

DayByDay CRM Information Disclosure Vulnerability

DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. DayByDay CRM Information Disclosure Vulnerability: the vulnerability stems from the product's failure to add an effective restriction o...

CVSS 4.3 · AI score 4.1 · EPSS 0.0068
Exploits 0 · References 1
CNVD
added 2022/01/06 12:00 a.m. · 19 views

DayByDay CRM Information Disclosure Vulnerability (CNVD-2022-68548)

DayByDay CRM is an open source CRM (Customer Relationship Management) software, based on Laravel, that helps users keep track of clients, tasks, meetings and more. DayByDay CRM Information Disclosure Vulnerability: the vulnerability stems from the product's failure to add an effective restriction o...

CVSS 4.3 · AI score 4.1 · EPSS 0.0068
Exploits 0 · References 1
OpenVAS
added 2020/11/23 12:00 a.m. · 9 views

openGauss: Restricting the Permission for the ${GAUSSHOME}/share Directory

The ${GAUSSHOME}/share directory stores the shared components of openGauss. To prevent them from being tampered with or damaged, the directory must be protected and unauthorized user access denied. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced source...

AI score 7.3
Exploits 0 · References 1
NVD
added 2020/06/19 8:15 p.m. · 20 views

CVE-2017-18916

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction...

CVSS 5.3 · EPSS 0.00775
Exploits 0 · References 1
Cvelist
added 2020/06/19 7:19 p.m. · 24 views

CVE-2017-18916

An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction...

AI score 5.3 · EPSS 0.00775
Exploits 0 · References 1
CVE
added 2020/06/03 11:20 p.m. · 96 views

CVE-2020-11094

CVE-2020-11094 affects the October CMS debugbar plugin prior to v3.1.0. The issue is an information disclosure vulnerability where the plugin logs all requests, including session data, which could allow untrusted users to view sensitive information. Affected component is the debugbar feature that...

CVSS 9.8 · AI score 7.7 · EPSS 0.01047
Exploits 0 · References 2 · Affected Software 1