Lucene search
K

9 matches found

OSV
OSV
added 2025/05/30 3:30 p.m.9 views

GHSA-J63J-7R7R-5V4J WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

4.2CVSS7.2AI score0.00594EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/30 2:54 p.m.17 views

CVE-2024-7096 Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

4.2CVSS6.4AI score0.00594EPSS
Exploits0References1
OSV
OSV
added 2024/07/18 3:22 p.m.56 views

GHSA-XMVG-335G-X44Q The OpenSearch reporting plugin improperly controls tenancy access to reporting resources

Summary An issue in the OpenSearch reporting plugin allows unintended access to private tenant resources like notebooks. The system did not properly check if the user was the resource author when accessing resources in a private tenant, leading to potential data being revealed. Impact The lack of...

5.4CVSS5.4AI score0.00305EPSS
Exploits0References5
Veracode
Veracode
added 2024/07/18 9:43 a.m.13 views

Authorization Bypass

silverstripe/reports is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the implementation of access control mechanisms within the ReportAdmin.php. It allows direct URL access to reports by any user who has access to the reports admin section, irrespective of whether the...

4.3CVSS6.6AI score0.00404EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/06/20 12:36 p.m.29 views

CVE-2023-49112 Insecure Direct Object Reference in Kiuwan SAST

Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even...

0.00517EPSS
Exploits1References2
NVD
NVD
added 2024/06/04 8:15 p.m.23 views

CVE-2024-4520

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation ...

7.5CVSS7.3AI score0.00523EPSS
Exploits1References2
Veracode
Veracode
added 2024/03/29 9:25 a.m.16 views

Improper Access Control

nautobot is vulnerable to Improper Access Control. The vulnerability is due to inadequate access control mechanisms where several Nautobot URL endpoints will not disclose any Nautobot data unless the configuration variable EXEMPTVIEWPERMISSIONS is modified from its default value, allowing...

3.7CVSS6.9AI score0.00628EPSS
Exploits0References7Affected Software1
The Hacker News
The Hacker News
added 2023/07/05 10:46 a.m.49 views

Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone

Secrets are meant to be hidden or, at the very least, only known to a specific and limited set of individuals or systems. Otherwise, they aren't really secrets. In personal life, a secret revealed can damage relationships, lead to social stigma, or, at the very least, be embarrassing. In a...

9.8CVSS7.2AI score0.85689EPSS
Exploits10
Cvelist
Cvelist
added 2016/11/07 11:0 a.m.22 views

CVE-2016-9111

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the...

6.5AI score0.01783EPSS
Exploits5References5
Rows per page
Query Builder