Lucene search
+L

352 matches found

CNNVD
CNNVD
added 2025/07/24 12:0 a.m.5 views

IBM i 安全漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.2, 7.3, 7.4, 7.5, and 7.6 that stems from an invalid database privilege check, which could lead to elevation of...

8.8CVSS6.6AI score0.00362EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/15 12:0 a.m.4 views

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. A security vulnerability exists in ZITADEL versions 4.0.0-rc.2, 3.3.2, 2.71.13, and prior to 2.70.14, which stems from a la...

8.8CVSS6.6AI score0.0034EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 3:6 a.m.5 views

CVE-2023-20909

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...

5.5CVSS5.7AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/23 12:0 a.m.15 views

PT-2025-49: Insufficient authorization in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...

8.1CVSS5.8AI score0.00345EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.8 views

CVE-2021-38137

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...

8.1CVSS6.9AI score0.00704EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.5 views

Apple多款产品 安全漏洞

Apple iOS is an operating system developed for mobile devices. apple macOS is a specialized operating system developed for Mac computers. apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in several Apple products that stems from insufficient...

9.1CVSS6.2AI score0.00886EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/30 12:0 a.m.6 views

XWiki Platform 安全漏洞

XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.13, prior to 16.4.4, and prior to 16.8.0-rc-1, which stems from an improper privilege check in the Solr script...

3.8CVSS6.5AI score0.00334EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/04/04 3:19 a.m.8 views

SUSE CVE-2017-9792

In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

6.5CVSS7.2AI score0.01576EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/22 11:15 a.m.8 views

CVE-2024-8765

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS6.9AI score0.0078EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.8 views

CVE-2024-8765

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS7.1AI score0.0078EPSS
Exploits1References2
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-8765

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS0.0078EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.13 views

CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary

In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...

7.3CVSS0.0078EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:10 a.m.49 views

CVE-2024-8765

CVE-2024-8765 affects lunary-ai/lunary (git afc5df4). The privilege check logic erroneously marks endpoints as public if the path contains "/auth/" anywhere, allowing unauthenticated attackers to access sensitive endpoints and potentially obtain/modify data or leverage resources across organizati...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.6 views

PT-2025-12244 · Unknown · Lunary-Ai/Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git afc5df4 Description: The privilege check mechanism in lunary-ai/lunary is flawed, allowing unauthenticated attackers to access sensitive endpoints by including "/auth/" in the path. This is because the system...

7.3CVSS7.2AI score0.0078EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.5 views

WordPress plugin DesignThemes Core Features 路径遍历漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in WordPress plugin...

7.5CVSS8.7AI score0.00498EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.8 views

WordPress plugin Sparkling 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.3CVSS8.9AI score0.00355EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/03/04 12:0 a.m.21 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege checking vulnerability exists in the Huawei HarmonyOS media library module, which can be exploited by an attacker to compromise confidentiality...

5.5CVSS6.8AI score0.00097EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.4 views

UNISOC Chipsets 安全漏洞

UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a missing privilege check and can be exploited by an attacker to elevate privileges...

8.4CVSS6.6AI score0.00113EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/10/21 2:42 p.m.26 views

CVE-2024-47742

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...

7.8CVSS6.9AI score0.00286EPSS
Exploits0References4
Rows per page
Query Builder