Lucene search
K

41 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41825

The /api/v1/autotranslate.translateMessage endpoint in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12 allows any authenticated user to retrieve the full content of any message from any room private groups, direct messages, channels by simply providing the target message ID...

5.3CVSS6.1AI score0.00252EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/20 9:37 p.m.9 views

CVE-2025-65020

Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.4, an Insecure Direct Object Reference IDOR vulnerability in the poll duplication endpoint /api/trpc/polls.duplicate allows any authenticated user to duplicate polls they do not own by modifying the pollId parameter...

6.5CVSS6.7AI score0.00213EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/11/07 12:0 a.m.7 views

PT-2025-45466

Name of the Vulnerable Software and Affected Versions Onlook web application version 0.2.32 Description A Broken Object Level Authorization BOLA issue exists in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application. The API does not properly validate if the...

7.6CVSS5.5AI score0.0026EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-11832

Malware in sbrugna...

8.5CVSS8.6AI score0.00648EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-2708

Malware in sbrugna...

7.5CVSS6.4AI score0.01289EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-11791

Malware in sbrugna...

8.8CVSS8.5AI score0.00612EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-24544

Malicious code in bioql PyPI...

7.2CVSS6.7AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52748

Malicious code in bioql PyPI...

5.7CVSS5.8AI score0.00481EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-51188

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.00539EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-20247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromise...

7.4CVSS7AI score0.0188EPSS
Exploits1References2
CNVD
CNVD
added 2025/07/25 12:0 a.m.6 views

WeGIA SQL Injection Vulnerability (CNVD-2025-17268)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/profiledependente.php endpoint iddependente parameter. An attacker could exploit this...

9.4CVSS8.2AI score0.00458EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/07/17 12:0 a.m.5 views

The vulnerability of the Unified Audit component of the Oracle Database Server system allows a perpetrator to gain access to read, modify, and delete information.

The vulnerability of the Unified Audit component of the Oracle Database Server management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain access to read, modify, and delete data...

4CVSS7.2AI score0.00232EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/03/11 10:15 p.m.7 views

AZL-62432 CVE-2025-27101 affecting package opal 3.10.11-13

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

8.6CVSS5.8AI score0.00523EPSS
Exploits0References1
NVD
NVD
added 2025/03/03 4:15 p.m.19 views

CVE-2025-25185

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it...

7.5CVSS0.00587EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/04 10:17 a.m.23 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

0.0099EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/04 10:17 a.m.16 views

CVE-2025-24860 Apache Cassandra: CassandraNetworkAuthorizer and CassandraCIDRAuthorizer can be bypassed allowing access to different network regions

Incorrect Authorization vulnerability in Apache Cassandra allowing users to access a datacenter or IP/CIDR groups they should not be able to when using CassandraNetworkAuthorizer or CassandraCIDRAuthorizer. Users with restricted data center access can update their own permissions via data control...

5.5AI score0.0099EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/04 9:37 a.m.24 views

CVE-2025-23015 Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. Operators granting data MODIFY permission on all keyspaces on...

0.00877EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/27 12:0 a.m.5 views

PT-2025-5589 · Apache · Apache Cassandra

Name of the Vulnerable Software and Affected Versions: Apache Cassandra versions 4.0.0 through 4.0.15 Apache Cassandra versions 4.1.0 through 4.1.7 Apache Cassandra versions 5.0.0 through 5.0.2 Description: The issue allows users to access a datacenter or IP/CIDR groups they should not be able to...

9CVSS5.4AI score0.0099EPSS
Exploits0References16
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.5 views

Oracle JD Edwards Products 安全漏洞

Oracle JD Edwards Products is a fully integrated suite of Enterprise Resource Planning ERP applications from Oracle Corporation USA. The products provide application modules for financial management, project management, and asset lifecycle management. A security vulnerability exists in Oracle JD...

5.4CVSS8AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.3 views

Oracle PeopleSoft Enterprise PeopleTools 安全漏洞

Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for providing PeopleSoft applications with the ability to stay in sync with users' needs and expectations. A security vulnerability exists in Oracle PeopleSoft Enterprise PeopleTools. An attacker could exploit the vulnerability to...

8.1CVSS8.1AI score0.00511EPSS
Exploits0References2
Rows per page
Query Builder