Lucene search
K

87 matches found

OSV
OSV
added 2025/07/29 12:15 a.m.5 views

CVE-2025-54766

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information...

5.3CVSS5.8AI score0.06894EPSS
Exploits2References3
OSV
OSV
added 2025/07/29 12:15 a.m.5 views

CVE-2025-54765

An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include...

5.3CVSS5.8AI score0.06894EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.5 views

PT-2025-2648 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 6.0.x through 8.0.x OTRS versions 2023.x through 2024.x Description: An improper privilege management issue in the OTRS Generic Interface module allows users with read-only permissions to change the ticket status. This issue may...

3.5CVSS7.2AI score0.00208EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/12/17 12:0 a.m.6 views

PT-2024-29789 · Hcl · Hcl Bigfix Inventory

Name of the Vulnerable Software and Affected Versions: HCL BigFix Inventory affected versions not specified Description: The issue is related to an improper handling of insufficient permissions or privileges in HCL BigFix Inventory. An attacker with access via a read-only account can possibly...

3.1CVSS6.9AI score0.00257EPSS
Exploits0References5
OSV
OSV
added 2024/11/12 1:15 p.m.5 views

CVE-2024-50558

A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2, SCALANCE M812-1 ADSL-Router 6GK5812-1AA00-2AA2 All versions V8.2, SCALANCE...

5.3CVSS5.7AI score0.00304EPSS
Exploits0References1
OSV
OSV
added 2024/07/15 8:15 a.m.5 views

CVE-2024-23794

An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.10 views

PT-2024-11728 · Northern.Tech · Mender

Name of the Vulnerable Software and Affected Versions: Northern.tech Mender versions 3.3.x through 3.3.1 Northern.tech Mender versions 3.4.x through 3.4.0 Northern.tech Mender versions 3.5.x through 3.5.0 Northern.tech Mender versions 3.6.x through 3.6.0 Description: The issue is related to...

8.8CVSS7.1AI score0.00384EPSS
Exploits0References8
OSV
OSV
added 2024/04/16 8:15 p.m.6 views

ALPINE-CVE-2022-24805

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains...

8.8CVSS7.4AI score0.01299EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/21 12:0 a.m.6 views

PT-2024-13477 · Ibm · Ibm Storage Protect Plus Server

Name of the Vulnerable Software and Affected Versions: IBM Storage Protect Plus Server versions 10.1.0 through 10.1.16 Description: The issue allows an authenticated user with read-only permissions to add or delete entries from an existing HyperVisor configuration, resulting in unauthorized acces...

4.3CVSS6.4AI score0.00331EPSS
Exploits0References8
OSV
OSV
added 2024/02/03 9:15 a.m.2 views

CVE-2023-43183

Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...

8.8CVSS5.8AI score0.01178EPSS
Exploits3References3
CVE
CVE
added 2024/02/03 12:0 a.m.52 views

CVE-2023-43183

CVE-2023-43183 affects Reprise License Manager (RLM) v15.1. An incorrect access control vulnerability allows a read-only user to arbitrarily change an administrator’s password and hijack the admin account. The issue is documented across multiple sources (NVD/Red Hat/CVE list) and has public PoCs/...

8.8CVSS8.7AI score0.01178EPSS
Exploits3References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/07 12:0 a.m.15 views

PT-2023-31122 · Peplink · Peplink Balance

Name of the Vulnerable Software and Affected Versions: Peplink Balance Two versions prior to 8.4.0 Description: An issue was discovered in the administration web service, where a missing authorization check allows read-only, unprivileged users to obtain sensitive information about the device...

4.3CVSS4.4AI score0.00488EPSS
Exploits1References8
OSV
OSV
added 2023/10/16 10:15 p.m.4 views

UBUNTU-CVE-2023-45807

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit...

5.4CVSS5.8AI score0.0041EPSS
Exploits0References3
OSV
OSV
added 2023/06/28 3:15 p.m.3 views

CVE-2023-20136

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

6.5CVSS5.9AI score0.00517EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/06/07 11:0 p.m.3 views

CVE-2023-20136

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper...

6.5CVSS6.7AI score0.00517EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/05/11 12:15 p.m.4 views

CVE-2023-31445

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5.3CVSS6.1AI score0.01155EPSS
Exploits1References5
NVD
NVD
added 2023/05/11 12:15 p.m.17 views

CVE-2023-31445

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users...

5.3CVSS5.3AI score0.01155EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/02/25 12:0 a.m.5 views

JetBrains YouTrack 安全漏洞

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features error tracking, creating workflows and monitoring project progress.An elevation of privilege vulnerability exists in versions prior to JetBrains YouTrack...

4.3CVSS5.6AI score0.00621EPSS
Exploits0References2
Citrix
Citrix
added 2021/04/30 12:0 a.m.4 views

How to create read-only users on xenserver

Create read-only users on xenserver...

7.1AI score
Exploits0
OSV
OSV
added 2019/12/19 7:15 p.m.3 views

CVE-2019-18181

In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only...

7.8CVSS7.1AI score0.0034EPSS
Exploits0References1
Rows per page
Query Builder