Lucene search
K

9 matches found

GithubExploit
GithubExploit
added 2026/04/06 3:17 p.m.122 views

Exploit for Incorrect Authorization in Pydio Cells

CVE-2023-32749 | Pydio Cells Unauthorised Role Assignment Exp...

8.8CVSS7.2AI score0.14197EPSS
Exploits6
Vulnrichment
Vulnrichment
added 2026/03/26 8:52 p.m.3 views

CVE-2026-33638 Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, GET /api/allusers is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. ...

5.3CVSS5.9AI score0.00484EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.9 views

free5GC 安全漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.0 contain security vulnerabilities, which stem from issues with the HandleAuthenticationFailure function in the AMF component. These vulnerabilities may lead to denial-of-service...

7.5CVSS5.8AI score0.00392EPSS
Exploits1References1
NVD
NVD
added 2025/11/06 4:16 p.m.13 views

CVE-2025-62057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality.This issue affects Houzez Theme - Functionality: from n/a through 4.2.0...

7.1CVSS0.00222EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/20 12:0 a.m.8 views

PT-2024-36795 · Unknown · Onyxia-Api

Name of the Vulnerable Software and Affected Versions: Onyxia-API versions prior to 2.8.2 Onyxia-API versions prior to 3.1.1 Onyxia-API versions prior to 4.2.0 Description: This issue allows authenticated users to remotely execute code within the Onyxia-API, potentially leading to unauthorized...

9.4CVSS7.4AI score0.00623EPSS
Exploits0References7
OSV
OSV
added 2022/05/24 5:21 p.m.3 views

GHSA-GG42-MWR6-P82C Mattermost Server has intermittent Authorization bypass for resource-owners

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Resource-owner authorization can be intermittently bypassed, allowing account takeover...

8.1CVSS6.9AI score0.00821EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2020/06/17 10:38 p.m.4 views

jenkins-git-plugin: stored cross-site scripting

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability...

5.4CVSS5.6AI score0.00853EPSS
Exploits0References5
CNVD
CNVD
added 2017/10/17 12:0 a.m.4 views

Subrion CMS Cross-Site Request Forgery Vulnerability

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a variety of extensions plug-ins and more. A cross-site request forgery vulnerability exists in Subrion CMS versions prior to 4.2.0 that stems from a...

8.8CVSS8.8AI score0.00515EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/06/27 8:29 p.m.27 views

CVE-2015-1591

The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges...

7.8CVSS7.1AI score0.00389EPSS
Exploits0References3
Rows per page
Query Builder