Lucene search
+L

342 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-11665

Malware in sbrugna...

7.8CVSS7.7AI score0.00489EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-14306

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00363EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-31042

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00502EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-36950

Malicious code in bioql PyPI...

9.1CVSS8.8AI score0.00561EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2023-1056

Malicious code in bioql PyPI...

6.4CVSS4.8AI score0.0034EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2549

Malicious code in bioql PyPI...

5CVSS6.1AI score0.02388EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/25 3:49 p.m.7 views

CVE-2025-7106

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

5.3CVSS5.5AI score0.00256EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/24 9:29 a.m.2 views

CVE-2025-58457 Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands

Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...

6.9AI score0.00294EPSS
Exploits0References1
NVD
NVD
added 2025/09/23 10:15 a.m.6 views

CVE-2025-7106

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

5.3CVSS0.00256EPSS
Exploits0References2
OSV
OSV
added 2025/09/23 9:54 a.m.5 views

CVE-2025-7106 Authorization Bypass due to Incorrect Access Control in danny-avila/librechat

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

5.3CVSS6.1AI score0.00256EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/23 12:0 a.m.9 views

PT-2025-39160

Name of the Vulnerable Software and Affected Versions librechat versions prior to the fix Description An authorization bypass exists due to incorrect access control checks. The checkAccess function within api/server/middleware/roles/access.js utilizes permissions.some for permission validation,...

5.3CVSS5.4AI score0.00256EPSS
Exploits0References7
NVD
NVD
added 2025/09/18 3:15 p.m.6 views

CVE-2025-59040

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition...

4.3CVSS0.0031EPSS
Exploits0References4
OSV
OSV
added 2025/09/04 7:15 p.m.5 views

CVE-2025-48546

In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2025/09/04 7:15 p.m.3 views

CVE-2025-48524

In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00078EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3758

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions...

5.4CVSS5.5AI score0.00577EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/08/19 9:5 p.m.165 views

Exploit for CVE-2025-9216

StoreEngine – Powerful WordPress eCommerce Plugin for Payments...

8.8CVSS7.9AI score0.00819EPSS
Exploits1
OSV
OSV
added 2025/07/02 5:37 p.m.6 views

DRUPAL-CONTRIB-2025-086

This module enables you to use config\pages as a content entity. The module doesn't check permission or entity access before rendering config\pages content...

5.3CVSS6.8AI score0.00265EPSS
Exploits0References1
Huntr
Huntr
added 2025/06/25 9:54 a.m.9 views

Incorrect Access Control check results in authorization bypass

Description When setting the access control for users, an incorrect access check allows for the bypass of authorization, due to the incorrect use of .some Proof of Concept 1. This is for a scenario, where I admin have created a custom agent and want everyone on the platform to use it, without bei...

5.3CVSS6.1AI score0.00256EPSS
Exploits0
NVD
NVD
added 2025/06/19 7:15 a.m.13 views

CVE-2025-4571

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...

5.4CVSS0.00259EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.10 views

CVE-2024-5483

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of getitemspermissionscheck function. This makes it possible for unauthenticated attackers to extract basic...

5.3CVSS5.7AI score0.01008EPSS
Exploits0References1
Rows per page
Query Builder