Lucene search
K

121 matches found

Positive Technologies
Positive Technologies
added 2025/01/21 12:0 a.m.6 views

PT-2025-3072 · Spagobi · Spagobi

Name of the Vulnerable Software and Affected Versions: SpagoBI version 3.5.1 Description: A Cross-Site Request Forgery CSRF issue has been found in the user administration panel. An authenticated user can lead another user into executing unwanted actions inside the application they are logged in,...

6.1CVSS6.2AI score0.00281EPSS
Exploits4References5
CVE
CVE
added 2025/01/21 12:0 a.m.58 views

CVE-2024-54792

CVE-2024-54792 : SpagoBI 3.5.1 is affected by a CSRF vulnerability in the user administration panel. An authenticated attacker can induce a logged-in admin to perform unwanted actions (e.g., add/edit/delete users) on behalf of the victim via crafted requests. The issue is demonstrated in multiple...

6.1CVSS6.7AI score0.00281EPSS
Exploits4References2Affected Software1
Rockylinux
Rockylinux
added 2024/09/30 2:30 p.m.6 views

libuser bug fix and enhancement update

An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libuser library implements a standardized interface for manipulating and...

7.4AI score
Exploits0
CNVD
CNVD
added 2024/05/16 12:0 a.m.5 views

Siemens SIMATIC RTLS Locating Manager Incorrectly Assigns Critical Resource Privileges Vulnerability

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...

9.4CVSS6.7AI score0.00458EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

Siemens 多款产品 安全漏洞

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...

9.4CVSS6.8AI score0.00458EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/03/04 10:44 p.m.510 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

TeamCity Exploit Script 🛠️ This script is designed to demonst...

9.8CVSS10AI score0.99938EPSS
Exploits24
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.7 views

Microsoft Windows Win32K 安全漏洞

Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32K. The following products and versions are affected: Windows 11 version 21H2 for x64-based Systems,Windows 11 version 21H2 for ARM64-based...

7.8CVSS8.2AI score0.05092EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.6 views

SUSE CVE-2013-1399

Multiple cross-site request forgery CSRF vulnerabilities in the 1 node request management, 2 live management, and 3 user administration components in the console in Puppet Enterprise PE before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...

6.8CVSS7.3AI score0.00607EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.9 views

Microsoft Windows Win32k 安全漏洞

Microsoft Windows Win32k is a system file for Windows multi-user administration from Microsoft USA. A security vulnerability exists in Microsoft Windows Win32k. An attacker can exploit the vulnerability to elevate privileges...

7.8CVSS7.6AI score0.00476EPSS
Exploits0References5
NVD
NVD
added 2022/11/12 4:15 a.m.29 views

CVE-2022-41339

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...

7.8CVSS0.00519EPSS
Exploits0References1
OSV
OSV
added 2022/11/12 4:15 a.m.4 views

CVE-2022-41339

In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, the User Administration module allows privilege escalation...

7.8CVSS5.8AI score0.00519EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/11/12 12:0 a.m.5 views

PT-2022-25817 · Zoho · Zoho Manageengine Mobile Device Manager Plus

Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Mobile Device Manager Plus versions prior to 10.1.2207.5 Description: The issue allows privilege escalation through the User Administration module. Recommendations: For versions prior to 10.1.2207.5, update to version...

7.8CVSS7.8AI score0.00519EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/08/16 12:0 a.m.51 views

GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202208-17 Nextcloud: Multiple Vulnerabilities - Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user...

10CVSS6.7AI score0.02604EPSS
Exploits2References33
CNVD
CNVD
added 2022/04/16 12:0 a.m.16 views

Kentico CMS has an unspecified vulnerability

Kentico is the United States Kentico company's set of ASP.NET-based content management system CMS. A security vulnerability exists in Kentico CMS before 13.0.66, which can be exploited by an attacker with user administrative privileges administrator by default to export any user's user options,...

4.9CVSS6.8AI score0.00883EPSS
Exploits1References1
NVD
NVD
added 2022/02/18 9:15 p.m.24 views

CVE-2021-40840

A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2...

5.4CVSS0.00483EPSS
Exploits0References2
Prion
Prion
added 2022/02/18 9:15 p.m.14 views

Cross site scripting

A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2...

3.5CVSS5.2AI score0.00483EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/18 8:27 p.m.22 views

CVE-2021-40840

A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2...

5.4AI score0.00483EPSS
Exploits0References2
CVE
CVE
added 2022/02/18 8:27 p.m.68 views

CVE-2021-40840

CVE-2021-40840 affects LiveConfig 2.12.2: a stored XSS in the admin/users form. The connected sources consistently describe a stored cross-site scripting issue in the user administration interface but provide no public details on vulnerable input, specific payloads, affected configurations, explo...

5.4CVSS5.2AI score0.00483EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2021/06/01 10:15 p.m.24 views

CVE-2021-32657

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

4.3CVSS0.01823EPSS
Exploits0References3
Prion
Prion
added 2021/06/01 10:15 p.m.21 views

Command injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

4CVSS4.7AI score0.01823EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder