Lucene search
K

130 matches found

CVE
CVE
added 2025/09/10 12:36 p.m.16 views

CVE-2025-10224

The CVE-2025-10224 entry concerns AxxonSoft Axxon One (C-Werk) prior to or equal to 2.0.2 on Windows, where the LDAP authentication engine improperly evaluates nested LDAP group memberships. This allows a remote authenticated user to be denied access or receive misassigned roles during login. The...

7.1CVSS6.5AI score0.00304EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.3 views

AxxonSoft AxxonOne 安全漏洞

AxxonSoft AxxonOne is a video surveillance and security management software from AxxonSoft Ireland. A security vulnerability exists in AxxonSoft AxxonOne version 2.0.2 and earlier, which stems from improper authentication of the LDAP authentication engine and could result in access denial or role...

7.1CVSS6.9AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/06 2:18 a.m.14 views

CVE-2025-5953

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajaxinsertemployee and updateempoyee functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $POST'role' and, after basic cleaning via...

8.8CVSS6.2AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2025/06/23 5:15 p.m.3 views

CVE-2023-47031

An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component...

9.8CVSS5.9AI score0.00523EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 8:31 a.m.7 views

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS6.8AI score0.00298EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:50 a.m.9 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

8.8CVSS6.8AI score0.14197EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.8 views

CVE-2021-25931

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...

8.8CVSS6.8AI score0.00726EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:12 p.m.6 views

CVE-2020-8188

We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can r...

8.8CVSS7.7AI score0.01342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:16 a.m.7 views

CVE-2012-5557

The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain...

3.6CVSS6.9AI score0.01433EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2025/05/06 12:0 a.m.402 views

ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)

Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage: https://erpnext.com Software Link: https://github.com/frappe/erpnext Version: Delete User Click Her...

8.1CVSS7.1AI score0.00759EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2025/04/15 2:48 p.m.6 views

aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role

Summary The AWS Cloud Development Kit AWS CDK is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...

7.2AI score
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/06 4:27 a.m.14 views

CVE-2025-2075

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

8.8CVSS6.8AI score0.02474EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 4:21 a.m.11 views

CVE-2025-2075 Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

8.8CVSS0.02474EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/29 12:0 a.m.4 views

PT-2025-3445 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi version 4.8.0 Description: The issue concerns insecure permissions that allow authenticated attackers to escalate privileges by assigning themselves higher level roles. Recommendations: For RuoYi version 4.8.0, update the permissions to...

7.1CVSS6.5AI score0.00322EPSS
Exploits1References10
OSV
OSV
added 2024/10/25 5:15 p.m.5 views

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OEADMIN role privilege...

4.7CVSS5.8AI score0.00365EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/10/25 5:15 p.m.2 views

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OEADMIN role privilege...

8.8CVSS5.8AI score0.00365EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.3 views

OvalEdge 安全漏洞

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /user/assignuserrole via the userid a...

8.8CVSS7AI score0.00365EPSS
Exploits1References1
OSV
OSV
added 2024/06/06 6:15 p.m.16 views

CVE-2024-5127

In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...

5.4CVSS6.7AI score0.00298EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/05/27 12:0 a.m.4 views

IdentiBot 安全漏洞

IdentiBot is an open source Discord bot at MIT University written in Node.js that is used to verify an individual's affiliation with MIT, grant them a role in the Discord server, and store information about them in a database backend. IdentiBot has a security vulnerability that stems from members...

7.5CVSS6.6AI score0.005EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:12 a.m.36 views

BIT-MOODLE-2020-14321

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course...

8.8CVSS8.5AI score0.16425EPSS
Exploits8References2
Rows per page
Query Builder