Lucene search
K

206 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:10 a.m.8 views

CVE-2019-19989

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...

7.5CVSS7.1AI score0.01341EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:40 a.m.14 views

CVE-2019-19885

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorization. This affects COM465IP, COM465DP, COM465ID, CP700, CP907, and CP915 devices before 4.2.0...

9.1CVSS6.9AI score0.00987EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:59 p.m.14 views

CVE-2005-2286

WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource...

10CVSS7.3AI score0.02191EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.3 views

SudoLLM : on Multi-Role Alignment of Language Models

User authorization-based access privileges are a key feature in many safety-critical systems, but have thus far been absent from the large language model LLM realm. In this work, drawing inspiration from such access control systems, we introduce sudoLLM, a novel framework that results in multi-ro...

6.8AI score
Exploits0
OSV
OSV
added 2025/04/25 2:43 p.m.6 views

CVE-2025-3647 Moodle: idor when accessing the cohorts report

A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve...

4.3CVSS6AI score0.00268EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/22 1:30 p.m.18 views

CVE-2025-3647

A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve...

4.3CVSS7AI score0.00268EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/04/12 2:51 p.m.29 views

CVE-2025-0362

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

6.5CVSS6.4AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2025/04/12 8:5 a.m.12 views

BIT-GITLAB-2025-0362 Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

6.5CVSS6AI score0.00265EPSS
Exploits0References3
NVD
NVD
added 2025/04/10 3:16 p.m.19 views

CVE-2025-0362

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

6.5CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2025/04/10 2:31 p.m.70 views

CVE-2025-0362

The CVE-2025-0362 entry applies to GitLab CE/EE and affects all versions prior to 17.8.7 (7.7–7.8.x line), 17.9 prior to 17.9.6, and 17.10 prior to 17.10.4. Under certain conditions, an attacker could trick users into unintentionally authorizing sensitive actions on their behalf. The issue is des...

6.5CVSS6.2AI score0.00265EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/04/10 2:31 p.m.29 views

CVE-2025-0362 Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

6.4CVSS0.00265EPSS
Exploits0References2
OSV
OSV
added 2025/04/10 2:31 p.m.10 views

CVE-2025-0362 Improper Restriction of Rendered UI Layers or Frames in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.7 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4. Under certain conditions, an attacker could potentially trick users into unintentionally authorizing sensitive actions on their behalf...

6.4CVSS6.4AI score0.00265EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.1 views

PT-2025-15992 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.7 through 17.8.6 GitLab CE/EE versions 17.9 through 17.9.5 GitLab CE/EE versions 17.10 through 17.10.3 Description: An issue has been discovered in GitLab CE/EE that could potentially allow an attacker to trick users...

6.6CVSS6.4AI score0.00265EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-14264 · WordPress · Wp Multi Store Locator

Name of the Vulnerable Software and Affected Versions: WP Multistore Locator versions n/a through 2.5.2 Description: A Cross-Site Request Forgery CSRF issue allows unauthorized actions to be performed on behalf of a user. This can lead to various security problems, including data modification or...

4.3CVSS6.4AI score0.00145EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/08 2:24 a.m.12 views

CVE-2025-1504 Post Lockdown <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Post Disclosure

The Post Lockdown plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.0.2 via the 'plautocomplete' AJAX action due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS0.00304EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/06 8:31 a.m.12 views

CVE-2025-1540 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."...

3.1CVSS6.7AI score0.0022EPSS
Exploits1References2
CVE
CVE
added 2025/02/17 2:1 p.m.124 views

CVE-2025-1391

CVE-2025-1391 : The issue is an improper authorization in the Keycloak organization mapper, where a user can be misrepresented as belonging to an organization in tokens if their username or email matches the organization’s domain pattern. The flaw is confined to token claims and does not imply tr...

5.4CVSS6.7AI score0.00378EPSS
Exploits0References6
Huntr
Huntr
added 2024/11/12 2:33 p.m.6 views

Improper Access Control Allows deleting other users' reminders

Description Because the report I reported before was exploited on the public, I created a new report to exploit on the local machine The vulnerability allows users to delete other users' prompts on the system via the groupid parameter Proof of Concept const deletePromptController = async req, res...

9.4CVSS9.2AI score0.00516EPSS
Exploits1
Cvelist
Cvelist
added 2024/11/09 12:43 a.m.17 views

CVE-2024-52313 data.all authenticated users can obtain incorrect object level authorizations

An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all...

5.3CVSS0.00304EPSS
Exploits0References3
NVD
NVD
added 2024/10/02 5:15 p.m.50 views

CVE-2024-20432

A vulnerability in the REST API and web UI of Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to improper user authorization and insufficient...

9.9CVSS0.0115EPSS
Exploits0References1
Rows per page
Query Builder