Lucene search
K

88 matches found

Cvelist
Cvelist
added 2025/11/06 7:27 a.m.22 views

CVE-2025-12360 Better Find and Replace <= 1.7.7 - Missing Authorization

The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to unauthorized API usage due to a missing capability check on the rtafarajax function in all versions up to, and including, 1.7.7. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.9CVSS6.5AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2025/10/14 10:15 a.m.4 views

CVE-2025-40773

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...

5.3CVSS5.8AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 10:15 a.m.22 views

CVE-2025-40773

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...

5.3CVSS0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 9:15 a.m.3 views

CVE-2025-40773

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications contains a broken access control vulnerability. The authorization mechanism lacks sufficient server-side checks, allowing an attacker to execute a specific API request. Successful exploitation...

5.1CVSS6.8AI score0.00178EPSS
Exploits0References1
OSV
OSV
added 2025/10/07 2:15 p.m.5 views

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

7.8CVSS5.9AI score0.0021EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-29639

Malware in sbrugna...

6.5CVSS6.5AI score0.01022EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-17087

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00093EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-59669

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-46875

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00378EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-43465

Malicious code in bioql PyPI...

8.1CVSS6.5AI score0.00401EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/20 12:0 a.m.4 views

Radar 安全漏洞

Radar wind control engine is a lightweight real-time wind control engine by feihu.wang individual developers. A security vulnerability exists in Radar v1.0.8, which stems from improper access control and could lead to unauthorized access to sensitive APIs...

9.8CVSS6.5AI score0.00397EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/06/10 9:7 p.m.351 views

Exploit for Deserialization of Untrusted Data in Wazuh

CVE-2025-24016 Wazuh Remote Code Execution RCE - PoC 🚨 De...

9.9CVSS10AI score0.92579EPSS
Exploits10
OSV
OSV
added 2025/06/06 7:15 a.m.4 views

CVE-2025-48904

Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 6:36 a.m.7 views

CVE-2025-48904

Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability...

4.4CVSS0.00093EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 6:36 a.m.4 views

CVE-2025-48904

Vulnerability that cards can call unauthorized APIs in the FRS process Impact: Successful exploitation of this vulnerability may affect availability...

4.4CVSS5AI score0.00093EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 6:36 a.m.52 views

CVE-2025-48904

CVE-2025-48904 affects Huawei’s HarmonyOS family (noted with HarmonyOS 5.0.0 in CNVD/CNNVD). The issue is described as: cards can call unauthorized APIs in the FRS process, which can impact availability if exploited. The NVD entry documents a LOCAL, low-attack‑complexity vector with no privileges...

6.2CVSS6.9AI score0.00093EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:15 a.m.8 views

CVE-2023-47142

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267...

8.8CVSS6.4AI score0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/23 10:43 a.m.6 views

CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...

6.9CVSS6.8AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/23 10:43 a.m.15 views

CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions

This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...

6.9CVSS0.00392EPSS
Exploits0References1
Rows per page
Query Builder