Lucene search
K

32 matches found

Snyk
Snyk
added 2026/05/14 2:57 p.m.14 views

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...

8.8CVSS6.1AI score
Exploits0References2
Veeam
Veeam
added 2026/02/24 12:0 a.m.30 views

Veeam ONE Upgrade Fails with "Win32 exception occurred while executing SQL script."

Challenge When upgrading Veeam ONE from version 12.3 to version 13, the following error occurs: Win32 exception occurred while executing SQL script. Error code: 0x80004004. Error details: The SELECT permission was denied on the object 'sysjobs', database 'msdb', schema 'dbo'. Cause This error...

5.8AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:41 a.m.8 views

CVE-2001-1514

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to 1 child processes created with and 2 child processes that call the CreateProcess function and are executed with or end with the CFX extension...

10CVSS7.4AI score0.01422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.13 views

CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...

8.8CVSS6.8AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.8 views

CVE-2019-16919

Harbor API has a Broken Access Control vulnerability. The vulnerability allows project administrators to use the Harbor API to create a robot account with unauthorized push and/or pull access permissions to a project they don't have access or control for. The Harbor API did not enforce the proper...

7.5CVSS6.7AI score0.01711EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/26 12:0 a.m.5 views

PT-2025-53445

Name of the Vulnerable Software and Affected Versions Nozomi Networks affected versions not specified Description Inadequate permission management exists for the camera guest account. The issue affects Industrial Control Systems ICS and OT/IoT security. The manufacturer has released a patch...

6.3CVSS6.6AI score0.00212EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2001-1491

Malware in sbrugna...

10CVSS6.4AI score0.01422EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-5499

Malware in sbrugna...

4.3CVSS6.9AI score0.00991EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-5930

Malware in sbrugna...

7.8CVSS7.6AI score0.0034EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-38203

Malicious code in bioql PyPI...

8.1CVSS8.1AI score0.00829EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-32660

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.005EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/04/15 9:45 p.m.23 views

NATS Server may fail to authorize certain Jetstream admin APIs

Advisory The management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some of the JS API requests were missing access controls, allowing any user with ...

9.6CVSS7AI score0.00561EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.6 views

Harbor 授权问题漏洞

Harbor is an open source registry from Harbor Open Source. Artifacts are protected through policy and role-based access control, ensuring that images are scanned and free of vulnerabilities, and signing images as trusted. An authorization issue vulnerability exists in Harbor 2.4.2 and prior...

6.4CVSS6.4AI score0.00499EPSS
Exploits0References1
NVD
NVD
added 2024/09/07 5:15 p.m.31 views

CVE-2024-39718

An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account...

8.1CVSS0.00829EPSS
Exploits0References1
CVE
CVE
added 2024/09/07 4:11 p.m.81 views

CVE-2024-39718

CVE-2024-39718 is a vulnerability in Veeam Backup & Replication 12.x (notably affected builds include 12.1.2.172 and earlier) where a low-privileged user can remotely remove files with the service account’s permissions due to improper input validation. Connected sources confirm this CVE affects m...

8.1CVSS6.8AI score0.00829EPSS
Exploits0References1Affected Software1
0day.today
0day.today
added 2023/12/18 12:0 a.m.563 views

PKP-WAL 3.4.0-3 Remote Code Execution Exploit

PKP Web Application Library PKP-WAL versions 3.4.0-3 and below, as used in Open Journal Systems OJS, Open Monograph Press OMP, and Open Preprint Systems OPS before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability...

5.3CVSS8.2AI score0.00618EPSS
Exploits2
Huntr
Huntr
added 2023/09/20 6:14 p.m.7 views

Deleted account still has the right to create, delete other accounts (delete surveys)

Description An account that has been deleted still has the right to create, delete surveys other accounts Proof of Concept Video Poc https://drive.google.com/file/d/1kvNqK8tYvWDabLigI6dZsp4kpKKkrfIx/view?usp=sharing...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2023/09/14 8:24 a.m.32 views

CVE-2023-4958

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

6.1CVSS6.8AI score0.00533EPSS
Exploits0References3
OSV
OSV
added 2023/04/28 9:15 p.m.3 views

CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...

8.8CVSS5.8AI score0.005EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/04/28 8:53 p.m.24 views

CVE-2023-29057

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”...

7.3CVSS8.7AI score0.005EPSS
Exploits0References1
Rows per page
Query Builder