Lucene search
+L

71 matches found

nessus
nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : varnish:6 (AXSA:2024-7669:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7669:01 advisory. varnish: HTTP/2 Broken Window Attack may result in denial of service CVE-2024-30156 Tenable has extracted the preceding description block directly from the...

7.5CVSS5.5AI score0.03663EPSS
Exploits0References2
euvd
euvd
added 2025/12/11 9:31 p.m.5 views

EUVD-2025-202724

OS Command Injection vulnerability in Ruijie RG-BCR RG-BCR860 allowing attackers to execute arbitrary commands via a crafted POST request to the actiondealupdate in file /usr/lib/lua/luci/controller/api/rcmsAPI.lua...

7.3AI score0.02769EPSS
Exploits1References4
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-13299

Malware in sbrugna...

6.1CVSS6.2AI score0.00861EPSS
Exploits1References5
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-4664

Malicious code in bioql PyPI...

5.4CVSS6.4AI score0.0022EPSS
Exploits0References5
osv
osv
added 2025/09/07 4:1 p.m.4 views

EEF-CVE-2025-48042 Before action hooks may execute in certain scenarios despite a request being forbidden

Summary Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program...

7.1CVSS5.8AI score0.00293EPSS
Exploits0References4
ossf
ossf
added 2025/03/28 1:4 p.m.4 views

Malicious code in yaml-update-action (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/03/28 1:4 p.m.5 views

MAL-2025-2919 Malicious code in yaml-update-action (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
osv
osv
added 2025/02/19 5:46 p.m.47 views

GHSA-99VM-5V2H-H6R6 Directus allows updates to non-allowed fields due to overlapping policies

Summary If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

5.4CVSS5.9AI score0.0022EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/02/06 12:0 a.m.5 views

PHPJabbers Cinema Booking System 安全漏洞

PHPJabbers Cinema Booking System is a theater booking system from PHPJabbers. A security vulnerability exists in PHPJabbers Cinema Booking System version v2.0, which stems from a cross-site request forgery vulnerability contained in the pjActionUpdate function...

5.4CVSS6.2AI score0.00273EPSS
Exploits3References2
ptsecurity
ptsecurity
added 2025/01/07 12:0 a.m.9 views

PT-2025-1792 · WordPress · Seo Lat Auto Post

Name of the Vulnerable Software and Affected Versions: SEO LAT Auto Post plugin for WordPress versions up to 2.2.1 Description: The issue is related to a missing capability check on the remote update AJAX action, which allows unauthenticated attackers to overwrite the seo-beginner-auto-post.php...

9.8CVSS8.2AI score0.03171EPSS
Exploits1References8
github
github
added 2024/10/23 5:22 p.m.16 views

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

Impact What kind of vulnerability is it? Who is impacted? In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would allow their hooks side effects to be performed when they...

5.3CVSS5.4AI score0.00499EPSS
Exploits0References6Affected Software1
nvd
nvd
added 2024/10/23 5:15 p.m.12 views

CVE-2024-49756

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS0.00499EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/10/23 5:4 p.m.14 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS5.3AI score0.00499EPSS
Exploits0References4
cvelist
cvelist
added 2024/10/23 5:4 p.m.25 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS0.00499EPSS
Exploits0References4
cve
cve
added 2024/10/23 5:4 p.m.48 views

CVE-2024-49756

AshPostgres (Ash Framework data layer) has a vulnerability in versions 2.0.0 through 2.4.9 where update actions that are empty (no field changes) could skip policies and trigger side effects. The issue is limited to such actions and does not enable reading new data. It requires specific condition...

5.3CVSS5.2AI score0.00499EPSS
Exploits0References4
osv
osv
added 2024/10/23 5:4 p.m.10 views

CVE-2024-49756 AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would...

5.3CVSS6.6AI score0.00499EPSS
Exploits0References6
nvd
nvd
added 2024/10/03 4:15 p.m.13 views

CVE-2024-39755

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.8CVSS0.00364EPSS
Exploits1References2
cvelist
cvelist
added 2024/10/03 3:16 p.m.21 views

CVE-2024-39755

A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute priviledged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

7.8CVSS0.00364EPSS
Exploits1References1
nvd
nvd
added 2024/05/28 2:15 p.m.24 views

CVE-2024-29072

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege...

8.2CVSS8.3AI score0.00464EPSS
Exploits1References2
osv
osv
added 2023/10/27 9:15 p.m.5 views

CVE-2023-40123

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6AI score0.00089EPSS
Exploits0References2
Rows per page
Query Builder