Lucene search

15 matches found

Cvelist
added 6 days ago | 17 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

CVSS 5.3 | EPSS 0.00204
Exploits: 0 | References: 3

EUVD
added 2026/05/15 8:00 p.m. | 13 views

EUVD-2026-30603

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses `model_config = ConfigDict(extra='allow')`, which permits arbitrary fields to pass through Pydantic validation and be included in `model_dump(exclude_unset=True)`. In...

CVSS 5 | AI score 6 | EPSS 0.00287
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/15 7:24 p.m. | 6 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This...

CVSS 6.5 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-1162

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.07953
Exploits: 1 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-4434

Malware in sbrugna...

CVSS 4 | AI score 6.4 | EPSS 0.01657
Exploits: 2 | References: 4

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-49500

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.4 | EPSS 0.02994
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/22 6:33 p.m. | 7 views

CVE-2021-32653

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

CVSS 4 | AI score 6.7 | EPSS 0.01205
Exploits: 0 | References: 1

CVE
added 2025/02/14 5:52 p.m. | 75 views

CVE-2025-0503

Mattermost 9.11.x

CVSS 5.3 | AI score 7 | EPSS 0.00234
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/01/30 12:00 a.m. | 3 views

Broadcom Symantec Privileged Access Management security vulnerability

Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...

CVSS 5.3 | AI score 6.2 | EPSS 0.0024
Exploits: 0 | References: 1

OSV
added 2024/02/12 8:15 p.m. | 5 views

CVE-2022-22506

IBM Robotic Process Automation 21.0.2 contains a vulnerability that could allow user IDs to be exposed across tenants. IBM X-Force ID: 227293...

CVSS 4.6 | AI score 5.7 | EPSS 0.0029
Exploits: 0 | References: 2

OSV
added 2023/01/12 4:15 a.m. | 4 views

UBUNTU-CVE-2022-3870

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private...

CVSS 5.3 | AI score 5.7 | EPSS 0.007
Exploits: 0 | References: 5

CNVD
added 2021/06/03 12:00 a.m. | 9 views

Unspecified vulnerability in Nextcloud (CNVD-2021-39032)

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...

CVSS 4 | AI score 6.6 | EPSS 0.01205
Exploits: 0 | References: 1

Exploit DB
added 2004/03/31 12:00 a.m. | 25 views

Roger Wilco Server 1.4.1 - Unauthorized Audio Stream Denial of Service

source: https://www.securityfocus.com/bid/10025/info A vulnerability has been reported in the Roger Wilco Server. It is reported that a user does not need to connect to the server over the TCP port to have UDP-based audio streams handled. Rather, the attacker will require knowledge of user IDs...

AI score 7
Exploits: 0

NVD
added 2001/01/09 5:00 a.m. | 12 views

CVE-2000-1177

bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother BB before 1.5d3 allow remote attackers to determine the existence of files and user IDs by specifying the target file in the HISTFILE parameter...

CVSS 5 | AI score 6.6 | EPSS 0.07953
Exploits: 1 | References: 3

CVE
added 2000/12/19 5:00 a.m. | 59 views

CVE-2000-1177

CVE-2000-1177 affects Big Brother (BB) prior to 1.5d3, where several scripts (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, bb-ack.sh) allow remote attackers to determine whether files exist and deduce user IDs by passing a target filename in HISTFILE. The entry bases impact ...

CVSS 5 | AI score 7 | EPSS 0.07953
Exploits: 1 | References: 3 | Affected Software: 1