Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-2571

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00461EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/06 2:57 a.m.10 views

CVE-2025-21611

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8CVSS6.7AI score0.00461EPSS
Exploits0References1
CVE
CVE
added 2025/01/06 3:38 p.m.106 views

CVE-2025-21611

CVE-2025-21611 affects tgstation-server (BYOND server management). Before version 6.12.3, the authorization check for API methods used OR between the user-enabled status and the role, instead of AND. This error allowed enabled users to access most authorized actions regardless of their permission...

8.8CVSS8.6AI score0.00461EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/01/06 3:38 p.m.11 views

CVE-2025-21611 tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...

8.8CVSS6.7AI score0.00461EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.39 views

Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2 Multiple Vulnerabilities

Binary data 700661.prm...

10CVSS9.8AI score0.99913EPSS
Exploits20References3
GithubExploit
GithubExploit
added 2019/04/20 8:7 a.m.137 views

Exploit for Path Traversal in Atlassian Confluence_Server

cve-2019-3398 Details A quick python proof of concept for C...

9CVSS8.8AI score0.97153EPSS
Exploits10
0day.today
0day.today
added 2019/04/18 12:0 a.m.775 views

Atlassian Confluence Widget Connector Macro Velocity Template Injection Exploit

Widget Connector Macro is part of Atlassian Confluence Server and Data Center that allows embed online videos, slideshows, photostreams and more directly into page. A template parameter can be used to inject remote Java code into a Velocity template, and gain code execution. Authentication is not...

10CVSS9.9AI score0.99913EPSS
Exploits20
Rows per page
Query Builder