Lucene search
K

54 matches found

CNNVD
CNNVD
added 2026/01/22 12:0 a.m.7 views

EXERT Education Management System has a security vulnerability

EXERT Education Management System is a comprehensive education management software developed by the Turkish company EXERT. The version 23.09.2025 and earlier of the EXERT Education Management System contained security vulnerabilities. These vulnerabilities stemmed from unauthorized access through...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

WordPress plugin Curly has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.4CVSS5.8AI score0.00229EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.10 views

MiracleLinux 4 : kernel-2.6.32-220.4.1.el6 (AXSA:2012-228:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-228:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

9.1CVSS7.5AI score0.10904EPSS
Exploits23References19
EUVD
EUVD
added 2025/11/08 12:31 a.m.6 views

EUVD-2025-38342

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

8.8CVSS6.3AI score0.00324EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.6 views

PT-2025-44756

Name of the Vulnerable Software and Affected Versions Elastic Cloud Enterprise affected versions not specified Description An improper authorization issue exists in the Elastic Cloud Enterprise platform’s application programming interfaces. Exploitation of this issue may allow a remote attacker t...

9CVSS6.7AI score0.00324EPSS
Exploits0References12
OSV
OSV
added 2025/10/09 3:40 p.m.1 views

GHSA-99H5-PJCV-GR6V Better Auth: Unauthenticated API key creation through api-key plugin

Summary A critical authentication bypass was identified in the API key creation and update endpoints. An attacker could create or modify API keys for arbitrary users by supplying a victim’s user ID in the request body. Due to a flaw in how the authenticated user was derived, the endpoints could...

8.6CVSS7.5AI score0.18012EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-1957

Malware in sbrugna...

9.8CVSS8.1AI score0.0178EPSS
Exploits1References7
OSV
OSV
added 2025/08/21 2:54 p.m.5 views

GHSA-8HMM-4CRW-VM2C @musistudio/claude-code-router has improper CORS configuration

Impact Due to improper Cross-Origin Resource Sharing CORS configuration, there is a risk that user API Keys or equivalent credentials may be exposed to untrusted domains. Attackers could exploit this misconfiguration to steal credentials, abuse accounts, exhaust quotas, or access sensitive data...

9.3CVSS6.9AI score0.00285EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.2 views

CVE-2021-22257

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...

5.3CVSS6.8AI score0.00908EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:54 a.m.5 views

CVE-2024-29841

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETKEYSFIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

7.5CVSS7.1AI score0.00498EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/07 12:0 a.m.5 views

PT-2024-29718 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.10.0 through 4.19.1.0 Description: The issue is caused by an access permission validation problem that allows domain admin accounts to query all registered account-users API and secret keys, including those of the...

7.2CVSS7.4AI score0.00946EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/06/22 12:0 a.m.7 views

WordPress plugin Bricks Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.9AI score0.00314EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/06/10 3:8 p.m.5 views

freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

8.1CVSS5.8AI score0.02053EPSS
Exploits1References5
OSV
OSV
added 2024/04/15 12:15 a.m.4 views

CVE-2024-29841

The Web interface of Evolution Controller Versions 2.04.560.31.03.2024 and below contains poorly configured access control on DESKTOPEDITUSERGETKEYSFIELDS, allowing for an unauthenticated attacker to return the keys value of any user...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2024/04/14 11:48 p.m.52 views

CVE-2024-29841

Technical details for CVE-2024-29841 are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7AI score0.00498EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/14 12:0 a.m.4 views

PT-2024-23079

Name of the Vulnerable Software and Affected Versions Evolution Controller versions 2.04.560.31.03.2024 and below Description The issue concerns poorly configured access control on DESKTOP EDIT USER GET KEYS FIELDS in the Web interface, allowing an unauthenticated attacker to return the keys valu...

9.8CVSS6.5AI score0.00583EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/03 4:25 p.m.2 views

CVE-2023-46742 CubeFS leaks users key in logs

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

4.8CVSS6.3AI score0.00271EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/03 4:25 p.m.48 views

CVE-2023-46742 CubeFS leaks users key in logs

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to th...

4.8CVSS6.5AI score0.00271EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/01/03 12:0 a.m.4 views

CubeFS Log Information Disclosure Vulnerability

CubeFS is a cloud-native file storage for CubeFS individual developers. A log information disclosure vulnerability exists in CubeFS versions prior to 3.3.1, which stems from disclosing user keys and access keys in logs...

6.5CVSS6.2AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.5 views

PT-2023-25657 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters, specifically ...

6.5CVSS6.3AI score0.01241EPSS
Exploits1References5
Rows per page
Query Builder