
4963 matches found

NVD
added 2024/05/14 3:39 p.m. · 13 views

CVE-2024-34701

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

CVSS 5.9 · AI score 5.6 · EPSS 0.00647
Exploits 0 · References 6
OSV
added 2024/05/14 7:17 a.m. · 22 views

BIT-ELASTICSEARCH-2024-23449 Elasticsearch Uncaught Exception

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

CVSS 5.3 · AI score 4.5 · EPSS 0.00681
Exploits 0 · References 2
OSV
added 2024/05/14 7:16 a.m. · 26 views

BIT-ELASTICSEARCH-2024-23451 Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to...

CVSS 6.5 · AI score 5.6 · EPSS 0.00435
Exploits 0 · References 2
Veracode
added 2024/05/14 4:32 a.m. · 34 views

JWT Exposure

@valtimo/components is vulnerable to JWT Exposure. The vulnerability is due to a misconfiguration of the Form.io component, which exposes the user's access token JWT to api.form.io via the x-jwt-token header, allowing attackers to retrieve personal information or execute requests to the Valtimo...

CVSS 9.8 · AI score 9.4 · EPSS 0.01057
Exploits 0 · References 5 · Affected Software 1
Vulnrichment
added 2024/05/13 4:2 p.m. · 16 views

CVE-2024-34706 @valtimo/components exposes access token to form.io

Valtimo is an open source business process and case management platform. When opening a form in Valtimo, the access token JWT of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the...

CVSS 9.8 · AI score 6.8 · EPSS 0.01057
Exploits 0 · References 4
Cvelist
added 2024/05/13 3:54 p.m. · 23 views

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

CVSS 5.9 · AI score 5.8 · EPSS 0.00647
Exploits 0 · References 6
OSV
added 2024/05/13 3:54 p.m. · 19 views

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

CVSS 5.9 · AI score 6.4 · EPSS 0.00647
Exploits 0 · References 8
Vulnrichment
added 2024/05/13 3:54 p.m. · 15 views

CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester

CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...

CVSS 5.9 · AI score 6.6 · EPSS 0.00647
Exploits 0 · References 6
CVE
added 2024/05/13 3:54 p.m. · 68 views

CVE-2024-34701

Summary: CVE-2024-34701 affects Miraheze’s CreateWiki MediaWiki extension. An attacker could be considered the requester for a wiki request if their local user ID on any wiki in the farm matches the requester’s local ID on the target wiki, enabling actions the requester is allowed to perform via ...

CVSS 5.9 · AI score 6.5 · EPSS 0.00647
Exploits 0 · References 6
CNVD
added 2024/05/11 12:0 a.m. · 13 views

Unspecified Vulnerability in Apache Superset (CNVD-2024-24409)

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security vulnerability exists in Apache Superset versions prior to 3.1.2, which can be exploited by an authenticated attacker to access metadata from data sources they are not authorized to vie...

CVSS 4.3 · AI score 6.4 · EPSS 0.00699
Exploits 0 · References 1
Tenable Nessus
added 2024/05/09 12:0 a.m. · 42 views

Debian dsa-5685 : wordpress - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5685 advisory. - WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the 'wplang' parameter. This allows unauthenticated attackers...

CVSS 8.8 · AI score 6.4 · EPSS 0.79527
Exploits 13 · References 13
Positive Technologies
added 2024/05/09 12:0 a.m. · 7 views

PT-2024-4518 · Cyberpower · Cyberpower Powerpanel Enterprise

Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise versions prior to 2.8.3 Description: The issue is related to missing authentication for certain utilities in CyberPower PowerPanel Enterprise, allowing an unauthenticated remote attacker to access the PDNU RES...

CVSS 9.8 · AI score 7.9 · EPSS 0.06765
Exploits 0 · References 7
Veracode
added 2024/05/08 6:5 a.m. · 17 views

Incorrect Authorization

apachesuperset is vulnerable to Incorrect Authorization. The vulnerability is due to improper validation of user permissions when accessing datasource metadata through REST APIs. This allows attackers to access sensitive information without the necessary authorization...

CVSS 4.3 · AI score 6.7 · EPSS 0.00699
Exploits 0 · References 4 · Affected Software 1
GitHub Security Blog
added 2024/05/07 3:30 p.m. · 39 views

Apache Superset Incorrect Authorization vulnerability

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS 4.3 · AI score 4.5 · EPSS 0.00699
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/05/07 3:30 p.m. · 30 views

GHSA-299Q-3P96-5898 Apache Superset Incorrect Authorization vulnerability

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS 4.3 · AI score 4.3 · EPSS 0.00699
Exploits 0 · References 3
NVD
added 2024/05/07 2:15 p.m. · 17 views

CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS 4.3 · AI score 4.5 · EPSS 0.00699
Exploits 0 · References 1
OSV
added 2024/05/07 2:15 p.m. · 10 views

CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS 4.3 · AI score 4.5
Exploits 0 · References 1
CVE
added 2024/05/07 1:33 p.m. · 113 views

CVE-2024-28148

Summary: Multiple sources describe an authorization issue in Apache Superset prior to 3.1.2. Affected product/component: Apache Superset, specifically the REST API used to explore datasources. Root cause (as stated): Incorrect datasource authorization on the explore REST API allowing an authentic...

CVSS 4.3 · AI score 6.5 · EPSS 0.00699
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/05/07 1:33 p.m. · 30 views

CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS 4.3 · AI score 4.8 · EPSS 0.00699
Exploits 0 · References 1
Vulnrichment
added 2024/05/07 1:33 p.m. · 14 views

CVE-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS 4.3 · AI score 6.7 · EPSS 0.00699
Exploits 0 · References 1