Lucene search
K

170 matches found

AlpineLinux
AlpineLinux
added 2024/11/27 7:15 a.m.4 views

CVE-2024-36467

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

8.8CVSS7AI score0.0073EPSS
Exploits1References1
OSV
OSV
added 2024/11/27 7:15 a.m.3 views

DEBIAN-CVE-2024-36467

An authenticated user with API access e.g.: user with default User role, more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group e.g.: Zabbix Administrators, except to groups that are disabled or having restricted GUI access...

8.8CVSS7.2AI score0.0073EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.4 views

Zabbix 授权问题漏洞

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix suffers from an authorization issue vulnerability that stems from the fact that a user with endpoint access to the user.update AP...

8.8CVSS7.3AI score0.0073EPSS
Exploits1References2
CVE
CVE
added 2024/06/30 4:10 p.m.68 views

CVE-2023-35022

CVE-2023-35022: IBM InfoSphere Information Server 11.7 contains an insecure authorization flaw that could allow a local user to update projects they are not authorized to access. The issue stems from weaknesses in the authorization mechanism, enabling unauthorized project modification (CVE descri...

3.3CVSS3.6AI score0.00162EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2024/06/11 12:0 a.m.1 views

Lunary Improper Access Control Vulnerability

lunary is lunary open source a production toolkit for LLM . An improper access control vulnerability exists in lunary, which can be exploited by an attacker to update any organization user as the organization owner...

8.1CVSS6.9AI score0.00494EPSS
Exploits1References1
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.175 views

Inquiry Cart <= 3.4.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing: alert9995'...

9AI score0.00212EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2024/05/01 6:15 a.m.31 views

CVE-2024-27017

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure ...

5.5CVSS6.3AI score0.00277EPSS
Exploits0References14
CVE
CVE
added 2024/05/01 5:30 a.m.220 views

CVE-2024-27017

CVE-2024-27017 affects the Linux kernel netfilter nft_set_pipapo backend. The issue arises when a generation mask is updated during an in-progress netlink dump, causing the read/update walk iterator to potentially infer the wrong view of the data structure. The advisory notes this vulnerability i...

5.5CVSS6.3AI score0.00277EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2024/03/06 10:53 a.m.13 views

BIT-DISCOURSE-2023-45147 Arbitrary keys can be added to a topic's custom fields by any user in Discourse

Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation...

4.9CVSS4.7AI score0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/08 10:46 p.m.3 views

CVE-2024-25107 Cross-Site Scripting in WikiDiscover

WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the Language::date function is used when making the human-readable timestamp for inclusion on the wikicreation column. This function uses interface messages to translate the nam...

4.9CVSS6.2AI score0.00402EPSS
Exploits0References3
Prion
Prion
added 2024/01/16 4:15 p.m.19 views

Command injection

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...

4CVSS6.9AI score0.0053EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.5 views

PT-2023-32917 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: Novel-Plus versions up to 4.2.0 Description: A problematic vulnerability has been found in Novel-Plus, affecting an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the nickName...

5.4CVSS4.4AI score0.00545EPSS
Exploits1References10
CNNVD
CNNVD
added 2023/12/29 12:0 a.m.3 views

Novel-Plus Cross-Site Scripting Vulnerability

Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A cross-site scripting vulnerability exists in Novel-Plus 4.2.0 and earlier versions, which stems from the parameter nickName in the file /user/updateUserInfo that causes cross-site scripting...

5.4CVSS6AI score0.00545EPSS
Exploits1References5
OSV
OSV
added 2023/11/14 12:33 a.m.7 views

CVE-2023-47628 Session Expiration Misconfiguration in datahub

DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a...

4.2CVSS5.1AI score0.00379EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/08/25 6:41 p.m.28 views

Netmaker IDOR Allows User to Update Other User's Password

Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...

7.5CVSS6.8AI score0.00561EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/08/25 6:41 p.m.11 views

GHSA-256M-J5QW-38F4 Netmaker IDOR Allows User to Update Other User's Password

Impact An IDOR vulnerability was found in the user update function. By specifying another user's username it is possible to update the other user's password. Patches Issue is patched in 0.17.1, and fixed in 0.18.6+. If Users are using 0.17.1, they should run "docker pull gravitl/netmaker:v0.17.1"...

7.5CVSS7.4AI score0.00561EPSS
Exploits0References5
NVD
NVD
added 2023/08/24 10:15 p.m.32 views

CVE-2023-32078

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS7.3AI score0.00561EPSS
Exploits0References3
CVE
CVE
added 2023/08/24 9:35 p.m.74 views

CVE-2023-32078

CVE-2023-32078 : In Gravitl Netmaker (WireGuard-based networks), an insecure direct object reference (IDOR) vulnerability exists in the user update function that lets an attacker change another user’s password by providing a different username. Affected versions: before 0.17.1 and before 0.18.6. ...

7.5CVSS7.3AI score0.00561EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/24 9:35 p.m.11 views

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS6.6AI score0.00561EPSS
Exploits0References3
OSV
OSV
added 2023/08/24 9:35 p.m.24 views

CVE-2023-32078 Netmaker IDOR Vulnerability Allows User to Update Other User's Password

Netmaker makes networks with WireGuard. An Insecure Direct Object Reference IDOR vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 a...

7.5CVSS7.4AI score0.00561EPSS
Exploits0References5
Rows per page
Query Builder