Lucene search
+L

73 matches found

OSV
OSV
added 2025/07/11 3:15 p.m.7 views

CVE-2025-52963

An Improper Access Control vulnerability in the User Interface UI of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to sh...

6.8CVSS5.8AI score0.00136EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:8 p.m.7 views

CVE-2022-39291

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

5.4CVSS6.2AI score0.05195EPSS
Exploits4References1
CNNVD
CNNVD
added 2024/12/18 12:0 a.m.4 views

IBM i 安全漏洞

IBM i is a suite of operating systems from International Business Machines IBM running in IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i versions 7.4 and 7.5 that stems from vulnerability to an authenticated user who has gained elevated privileges to a physical...

6.8CVSS6.2AI score0.00329EPSS
Exploits0References2
CVE
CVE
added 2024/11/27 6:27 p.m.101 views

CVE-2024-53855

Centurion ERP prior to 1.3.1 allows an authenticated user with certain ticket-view permissions (view_ticket_change, view_ticket_incident, view_ticket_request, view_ticket_problem) to view tickets belonging to other organizations when using the API endpoints for tickets. The UI and Project Tasks a...

4.3CVSS6.8AI score0.00432EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/11/27 6:27 p.m.7 views

CVE-2024-53855 User can view tickets from organizations they're not apart of in centurion_erp

Centurion ERP Enterprise Rescource Planning is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management ITSM modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they...

1.9CVSS6.4AI score0.00432EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/25 12:0 a.m.12 views

PT-2024-22801

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 1.6.16 Nautobot versions prior to 2.1.9 Description A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated users. These endpoints include "/api/graphql/",...

5.3CVSS5.9AI score0.00628EPSS
Exploits0References19
Snyk
Snyk
added 2024/02/20 9:30 a.m.1 views

Incorrect Default Permissions

Overview com.liferay:com.liferay.journal.web is a Liferay Journal Web Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default assignment of view permissions to guest users for web content templates via the UI or API. Remediation Upgrade...

6.9CVSS6.9AI score0.00481EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/23 1:8 p.m.23 views

CVE-2023-44401 Silverstripe GraqhQL's view permissions are bypassed for paginated lists of ORM data

The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, canView permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number o...

5.3CVSS5.4AI score0.00419EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2024/01/22 11:19 p.m.23 views

CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-44401...

5.3CVSS7.2AI score0.00419EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/13 4:31 p.m.23 views

Strapi may leak sensitive user information, user reset password, tokens via content-manager views

Summary I can get access to user reset password tokens if I have the configure view permissions Details /content-manager/relations route does not remove private fields or ensure that they can't be selected PoC Install fresh strapi instance start up strapi and create an account create a new...

5.8CVSS6.9AI score0.00565EPSS
Exploits1References4Affected Software3
Veracode
Veracode
added 2023/08/06 7:54 p.m.17 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to lack of view permissions of trigger tokens which allows an attacker to expose trigger tokens configured on that project...

6.5CVSS6.8AI score0.01227EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2023/08/06 7:54 p.m.21 views

Information Disclosure

gitlab is vulnerable to Information Disclosure. The vulnerability exists due to lack of view permissions on members which allows an attacker to gain access to the members of private groups...

4.3CVSS7AI score0.00801EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/28 12:0 a.m.6 views

PT-2023-32999 · Umami · Umami

Name of the Vulnerable Software and Affected Versions: Umami affected versions not specified Description: The issue allows anyone with a share link to reset website data. When a user navigates to a /share/ URL, they receive a share token used for authentication, which is later verified by useAuth...

9.6CVSS6.8AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:2 a.m.5 views

SUSE CVE-2016-5012

In Moodle 3.x, glossary search displays entries without checking user permissions to view them...

5.3CVSS6.9AI score0.01098EPSS
Exploits0References3
OSV
OSV
added 2022/10/07 9:15 p.m.2 views

DEBIAN-CVE-2022-39291

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

5.4CVSS6.3AI score0.05195EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.6 views

PT-2022-24874 · Unknown +2 · Zoneminder +2

Name of the Vulnerable Software and Affected Versions: ZoneMinder affected versions not specified Description: The issue allows users with "View" system permissions to inject new data into the logs stored by ZoneMinder through an HTTP POST request to the "/zm/index.php" endpoint. This could affec...

9.8CVSS7.1AI score0.80462EPSS
Exploits29References52
OSV
OSV
added 2022/10/07 12:0 a.m.27 views

CVE-2022-39291 Denial of service through logs in zoneminder

ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request...

5.4CVSS5.5AI score0.05195EPSS
Exploits4References8
Positive Technologies
Positive Technologies
added 2022/05/04 12:0 a.m.7 views

PT-2022-13917 · Octopus Deploy +1 · Octopus Server +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns improper verification of permissions in the API for projects using Git version control. This flaw allows users with only ProjectView...

4.3CVSS4.4AI score0.00502EPSS
Exploits0References4
OSV
OSV
added 2021/11/19 7:15 p.m.6 views

CVE-2021-22967

In Concrete CMS formerly concrete 5 below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit...

7.5CVSS6.7AI score
Exploits0References2
OSV
OSV
added 2019/12/04 9:26 p.m.8 views

GHSA-HVMF-R92R-27HR Django allows unintended model editing

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests,...

7.1CVSS6.9AI score0.01656EPSS
Exploits0References13
Rows per page
Query Builder