9 matches found
Exploit for Incorrect Authorization in Pydio Cells
CVE-2023-32749 | Pydio Cells Unauthorised Role Assignment Exp...
CVE-2026-33638 Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint
Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, GET /api/allusers is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. ...
free5GC 安全漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.0 contain security vulnerabilities, which stem from issues with the HandleAuthenticationFailure function in the AMF component. These vulnerabilities may lead to denial-of-service...
CVE-2025-62057
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...
PT-2024-36795 · Unknown · Onyxia-Api
Name of the Vulnerable Software and Affected Versions: Onyxia-API versions prior to 2.8.2 Onyxia-API versions prior to 3.1.1 Onyxia-API versions prior to 4.2.0 Description: This issue allows authenticated users to remotely execute code within the Onyxia-API, potentially leading to unauthorized...
GHSA-GG42-MWR6-P82C Mattermost Server has intermittent Authorization bypass for resource-owners
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Resource-owner authorization can be intermittently bypassed, allowing account takeover...
jenkins-git-plugin: stored cross-site scripting
Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...
Subrion CMS Cross-Site Request Forgery Vulnerability
Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a variety of extensions plug-ins and more. A cross-site request forgery vulnerability exists in Subrion CMS versions prior to 4.2.0 that stems from a...
CVE-2015-1591
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges...