18 matches found
PocketBase 授权问题漏洞
PocketBase is an open-source real-time backend developed by PocketBase. Versions of PocketBase prior to 0.22.42 and 0.37.4 contained authorization-related vulnerabilities. These vulnerabilities occurred because, under certain circumstances, attackers could create and link unverified PocketBase...
CVE-2026-40349
Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...
EUVD-2019-6042
Malware in sbrugna...
EUVD-2022-28826
Malicious code in bioql PyPI...
EUVD-2021-8774
Malicious code in bioql PyPI...
CVE-2025-26521
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...
CVE-2024-1666
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
CVE-2024-1666
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary
In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...
Lunary 安全漏洞
Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary version 1.0.0 that stems from an authorization flaw in the application. An attacker exploiting the vulnerability could send a carefully crafted request directly to the server to bypass...
CVE-2024-1599
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2018-25044 uTorrent Guest Account privileges management
A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2022-23904
The CVE-2022-23904 entry describes a CSRF vulnerability in Rainworx Auctionworx prior to 3.1R2. Affected product version(s) allow an authenticated user to upgrade their own account to admin, enabling access to the Auctionworx admin control panel (Enterprise and Events Edition). Root cause is CSRF...
SUSE: Security Advisory (SUSE-SU-2016:1024-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2019-14947
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...
Design/Logic Flaw
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...
CVE-2019-14947
The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...
CVE-2019-14947
The CVE-2019-14947 entry concerns the WordPress plugin Ultimate Member (pre-2.0.52). The vulnerability is an XSS weakness triggered during an account upgrade, affecting the plugin’s handling of user input. Public references in the connected documents confirm the affected software and the nature o...