Lucene search

7 matches found

ATTACKERKB
added 2024/10/25 5:15 p.m., 1 view

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters. Authentication is required with OEADMIN role privilege...

CVSS 8.8 | AI score 5.8 | EPSS 0.00072
Exploits: 1 | References: 2

OSV
added 2024/10/25 5:15 p.m., 4 views

CVE-2022-30356

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters. Authentication is required with OEADMIN role privilege...

CVSS 4.7 | AI score 5.8 | EPSS 0.00072
Exploits: 1 | References: 1

CNNVD
added 2024/10/25 12:0 a.m., 2 views

OvalEdge security vulnerability

OvalEdge is a solution from US-based OvalEdge that helps users create, manage and use data from a variety of sources through AI and human intelligence. A security vulnerability exists in OvalEdge version 5.2.8.0 and earlier, which stems from a POST request to /user/assignuserrole via the userid a...

CVSS 8.8 | AI score 7 | EPSS 0.00072
Exploits: 1 | References: 1

CVE
added 2023/02/20 3:12 p.m., 50 views

CVE-2023-25569

CVE-2023-25569 (Apollo portal): Prior to version 2.1.0, a low-privileged user can trigger creation of a special web page that an authenticated portal admin might visit, allowing the page to silently issue a request to assign new roles to that user without admin confirmation. This is effectively ...

CVSS 5.7 | AI score 5.5 | EPSS 0.00107
Exploits: 0 | References: 5 | Affected Software: 1

Github Security Blog
added 2022/11/10 11:56 p.m., 16 views

eZ Platform users with the Company admin role can assign any role to any user

Critical severity. Users with the Company admin role introduced by the company account feature in v4 can assign any role to any user. This also applies to any other user that has the role / assign policy. Any subtree limitation in place does not have any effect. The role / assign policy is...

AI score 1.8
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/03/16 5:4 p.m., 10 views

CVE-2020-7916

beteacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered user to assign itself the teacher role via the wp-admin/admin-ajax.php?action=learnpressbeteacher URI without any additional permission checks. Therefore, any user can change its...

AI score 6.5 | EPSS 0.00382
Exploits: 0 | References: 1

FreeBSD
added 2016/02/24 12:0 a.m., 13 views

drupal -- multiple vulnerabilities

Drupal Security Team reports: File upload access bypass and denial of service: File module - Drupal 7 and 8 - Moderately Critical; Brute force amplification attacks via XML-RPC: XML-RPC server - Drupal 6 and 7 - Moderately Critical; Open redirect via path manipulation: Base system - Drupal 6, 7 and 8 ...

AI score 0.2
Exploits: 0 | References: 1