Lucene search
K

21 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44941

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 3:38 p.m.7 views

CVE-2024-23104

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, FortiVoice 7.0.0 through 7.0.1 may allow a remote authenticated attacker with at...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/02/17 6:9 p.m.6 views

GO-2026-4450 Gogs user can update repository content with read-only permission in gogs.io/gogs

Gogs user can update repository content with read-only permission in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners,...

6.5CVSS5.6AI score0.00282EPSS
Exploits0References4
CVE
CVE
added 2026/02/06 5:43 p.m.24 views

CVE-2026-23632

CVE-2026-23632 (Gogs) : A bug in Gogs prior to 0.13.4 allows a token with read permission to modify repository contents via the PUT /repos/:owner/:repo/contents/* endpoint. After repoAssignment() passes, PutContents() calls UpdateRepoFile(), leading to commit creation and git push, enabling unaut...

6.5CVSS5.6AI score0.00282EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/05 5:44 p.m.17 views

CVE-2025-66545

CVE-2025-66545 affects Nextcloud Groupfolders . A user with read-only permissions could restore a file from the trash bin in group/shared folders, before versions 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2. The issue is resolved in those respective fixed versions. If you use G...

4.3CVSS6.3AI score0.00239EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/12/05 5:44 p.m.4 views

CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

3.5CVSS6.6AI score0.00239EPSS
Exploits0References6
Nextcloud
Nextcloud
added 2025/12/05 8:3 a.m.9 views

Users with read-only permissions for team folder can restore deleted files from trash bin

None...

4.3CVSS5.2AI score0.00239EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2025/11/18 5:16 p.m.5 views

CVE-2025-54971

An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiADC 7.4.0, FortiADC 7.2 all versions, FortiADC 7.1 all versions, FortiADC 7.0 all versions, FortiADC 6.2 all versions may allow an admin with read-only permission to get the external resources password vi...

6.5CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-10307

Malicious code in bioql PyPI...

7.2CVSS6.4AI score0.00394EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54238

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-24971

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00545EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-54459

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00458EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/15 6:17 a.m.15 views

CVE-2024-52961

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...

8.8CVSS7AI score0.00494EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/03/11 3:15 p.m.2 views

CVE-2024-52961

An improper neutralization of special elements used in an OS Command vulnerability CWE-78 vulnerability in Fortinet FortiSandbox 5.0.0, FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2.1 through 4.2.7, FortiSandbox 4.0.0 through 4.0.5, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all version...

8.8CVSS5.7AI score0.00494EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/03/11 2:54 p.m.63 views

CVE-2024-52961

CVE-2024-52961 affects Fortinet FortiSandbox OS command handling. Affected are FortiSandbox versions 3.0–5.0.0 (various 3.x and 4.x releases; 5.0.0 cited). The vulnerability is due to improper neutralization of specific elements used in an OS command, allowing an authenticated attacker with read-...

8.8CVSS6.5AI score0.00494EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/24 8:25 p.m.10 views

CVE-2023-4606

An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected...

8.1CVSS6.9AI score0.00458EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/24 12:0 a.m.7 views

PT-2023-29817 · Lenovo · Thinksystem

Name of the Vulnerable Software and Affected Versions: ThinkSystem versions v2 and v3 Description: An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This issue affects ThinkSystem servers with XCC. Recommendations: For...

8.1CVSS7.9AI score0.00458EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/02/09 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2023-1348)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.4CVSS6.3AI score0.01108EPSS
Exploits1References2
Hacker One
Hacker One
added 2016/03/15 5:47 a.m.27 views

HackerOne: Email Address Leak

Hello, I have found out that when a team invites a team member via username, the email address of the invited user is being disclosed after he accepted it. This can be abused since we all know that the email address is not publicly visible through hackerone profile. One team can abuse its functio...

0.2AI score
Exploits0
Hacker One
Hacker One
added 2016/02/25 11:49 a.m.29 views

HackerOne: User with Read-Only permissions can edit the SwagAwarded Activities on Bug Reports

Poc : 1.Login into Programtestbug as owner account 2.Create a new group with "Reward" Permission . Add a user to that group 3.Create a new group with "Read-only" Permission . Add a user to that group 3.Login into user account Report a bug to Program testbug 4."Reward" Permission User awarded a sw...

7AI score
Exploits0
Rows per page
Query Builder