Lucene search
K

300 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-54675

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00331EPSS
Exploits0References2
Veracode
Veracode
added 2025/09/02 5:1 a.m.4 views

Missing Authorization

Mattermost Confluence Plugin is vulnerable to Missing Authorization. The vulnerability is due to missing access validation due to failure to check user permissions when editing channel subscriptions via the API...

4CVSS6.7AI score0.00183EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/09/01 9:4 a.m.5 views

Server-Side Request Forgery (SSRF)

Liferay Portal is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper access validation due to crafted URLs in FreeMarker templates that allow template editors to bypass restrictions...

5.1CVSS7AI score0.00215EPSS
Exploits0References3Affected Software3
NVD
NVD
added 2025/08/09 5:15 a.m.6 views

CVE-2025-4655

SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editor...

5.1CVSS0.00215EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/07/21 12:30 p.m.7 views

Apache Jena doesn't validate file access paths in configuration files uploaded by users with administrator access

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

8.8CVSS7.2AI score0.00937EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/07/02 8:15 p.m.7 views

CVE-2025-34076

An authenticated local file inclusion vulnerability exists in Microweber CMS versions = 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and /api/BackupV2/download endpoints to read arbitrary files from the underlying filesystem. By...

7.2CVSS0.01315EPSS
Exploits2References6
NVD
NVD
added 2025/06/23 10:15 a.m.11 views

CVE-2024-45347

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to Unauthorized access to the victim’s device...

9.6CVSS0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.20 views

CVE-2025-22828

CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...

4.3CVSS6.7AI score0.01912EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:6 a.m.7 views

CVE-2024-1526

The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to password protected post before displaying its content in a meta tag...

5.3CVSS6.8AI score0.00516EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:28 p.m.10 views

CVE-2022-44565

An improper access validation vulnerability exists in airMAX AC 8.7.11, airFiber 60/LR 2.6.2, airFiber 60 XG/HD...

5.3CVSS5.7AI score0.00427EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.9 views

CVE-2019-15874

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results...

9.8CVSS6.8AI score0.01321EPSS
Exploits0References1
OSV
OSV
added 2025/05/21 5:28 p.m.5 views

DRUPAL-CONTRIB-2025-065

This module provides a block to easily display a rendered node. Access to the rendered node isn't validated before rendering the block. Allowing access to node content for users that would normally not be allowed to access the node...

5.3CVSS6.7AI score0.00229EPSS
Exploits0References1
NVD
NVD
added 2025/04/16 3:15 p.m.8 views

CVE-2025-22038

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero numsubauth before subauth is accessed Access psid-subauthpsid-numsubauth - 1 without checking if numsubauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure numsubauth !...

7.1CVSS0.00238EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2025/04/16 2:12 p.m.11 views

CVE-2025-22079

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. Add a check to prevent out-of-bounds access if ltreedepth has an invalid...

7.1CVSS5.6AI score0.00189EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/04/16 2:11 p.m.3 views

CVE-2025-22038 ksmbd: validate zero num_subauth before sub_auth is accessed

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate zero numsubauth before subauth is accessed Access psid-subauthpsid-numsubauth - 1 without checking if numsubauth is non-zero leads to an out-of-bounds read. This patch adds a validation step to ensure numsubauth !...

6.2AI score0.00238EPSS
Exploits0References6
CNVD
CNVD
added 2025/03/13 12:0 a.m.5 views

Cisco Content Security Management Appliance Access Authentication Error Vulnerability

Cisco Content Security Management Appliance SMA is a set of content security management equipment from Cisco Cisco. The appliance is mainly used to manage all policies, reports, audit information, etc. for e-mail and Web security devices. The Cisco Content Security Management Appliance has an...

5.3CVSS6.9AI score0.00359EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2024-36893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typecregisterpartner...

5.5CVSS6.2AI score0.00227EPSS
Exploits0References3
OSV
OSV
added 2025/02/26 1:56 a.m.10 views

CVE-2022-49289 uaccess: fix integer overflow on access_ok()

In the Linux kernel, the following vulnerability has been resolved: uaccess: fix integer overflow on accessok Three architectures check the end of a user access against the address limit without taking a possible overflow into account. Passing a negative length or another overflow in here returns...

7.1CVSS5.2AI score0.00251EPSS
Exploits0References7
OSV
OSV
added 2025/02/19 4:42 p.m.25 views

CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is...

5.4CVSS7.2AI score0.0022EPSS
Exploits0References4
OSV
OSV
added 2025/01/13 1:16 p.m.5 views

CVE-2025-22828

CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...

4.3CVSS5.8AI score0.01912EPSS
Exploits0References2
Rows per page
Query Builder