352 matches found
IBM i 安全漏洞
IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.2, 7.3, 7.4, 7.5, and 7.6 that stems from an invalid database privilege check, which could lead to elevation of...
ZITADEL 安全漏洞
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. A security vulnerability exists in ZITADEL versions 4.0.0-rc.2, 3.3.2, 2.71.13, and prior to 2.70.14, which stems from a la...
CVE-2023-20909
In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-...
PT-2025-49: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...
CVE-2021-38137
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...
Apple多款产品 安全漏洞
Apple iOS is an operating system developed for mobile devices. apple macOS is a specialized operating system developed for Mac computers. apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in several Apple products that stems from insufficient...
XWiki Platform 安全漏洞
XWiki Platform is the XWiki open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.13, prior to 16.4.4, and prior to 16.8.0-rc-1, which stems from an improper privilege check in the Solr script...
SUSE CVE-2017-9792
In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765 Improper Path Equivalence Resolution in lunary-ai/lunary
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public if the path contains '/auth/' anywhere within it. This allows unauthenticated attackers to access sensitive endpoints by including '/auth/' in the pat...
CVE-2024-8765
CVE-2024-8765 affects lunary-ai/lunary (git afc5df4). The privilege check logic erroneously marks endpoints as public if the path contains "/auth/" anywhere, allowing unauthenticated attackers to access sensitive endpoints and potentially obtain/modify data or leverage resources across organizati...
PT-2025-12244 · Unknown · Lunary-Ai/Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version git afc5df4 Description: The privilege check mechanism in lunary-ai/lunary is flawed, allowing unauthenticated attackers to access sensitive endpoints by including "/auth/" in the path. This is because the system...
WordPress plugin DesignThemes Core Features 路径遍历漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in WordPress plugin...
WordPress plugin Sparkling 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege checking vulnerability exists in the Huawei HarmonyOS media library module, which can be exploited by an attacker to compromise confidentiality...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a missing privilege check and can be exploited by an attacker to elevate privileges...
CVE-2024-47742
In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...