342 matches found
EUVD-2019-11665
Malware in sbrugna...
EUVD-2025-14306
Malicious code in bioql PyPI...
EUVD-2023-31042
Malicious code in bioql PyPI...
EUVD-2023-36950
Malicious code in bioql PyPI...
EUVD-2023-1056
Malicious code in bioql PyPI...
EUVD-2022-2549
Malicious code in bioql PyPI...
CVE-2025-7106
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...
CVE-2025-58457 Apache ZooKeeper: Insufficient Permission Check in AdminServer Snapshot/Restore Commands
Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...
CVE-2025-7106
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...
CVE-2025-7106 Authorization Bypass due to Incorrect Access Control in danny-avila/librechat
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...
PT-2025-39160
Name of the Vulnerable Software and Affected Versions librechat versions prior to the fix Description An authorization bypass exists due to incorrect access control checks. The checkAccess function within api/server/middleware/roles/access.js utilizes permissions.some for permission validation,...
CVE-2025-59040
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition...
CVE-2025-48546
In checkPermissions of SafeActivityOptions.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48524
In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
Linux Distros Unpatched Vulnerability : CVE-2022-3758
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions...
Exploit for CVE-2025-9216
StoreEngine – Powerful WordPress eCommerce Plugin for Payments...
DRUPAL-CONTRIB-2025-086
This module enables you to use config\pages as a content entity. The module doesn't check permission or entity access before rendering config\pages content...
Incorrect Access Control check results in authorization bypass
Description When setting the access control for users, an incorrect access check allows for the bypass of authorization, due to the incorrect use of .some Proof of Concept 1. This is for a scenario, where I admin have created a custom agent and want everyone on the platform to use it, without bei...
CVE-2025-4571
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. This makes it possible for authenticated...
CVE-2024-5483
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.8 due to incorrect implementation of getitemspermissionscheck function. This makes it possible for unauthenticated attackers to extract basic...