Lucene search
K

18 matches found

CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

PocketBase 授权问题漏洞

PocketBase is an open-source real-time backend developed by PocketBase. Versions of PocketBase prior to 0.22.42 and 0.37.4 contained authorization-related vulnerabilities. These vulnerabilities occurred because, under certain circumstances, attackers could create and link unverified PocketBase...

7.6CVSS5.8AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.5 views

CVE-2026-40349

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS5.7AI score0.0053EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6042

Malware in sbrugna...

5.4CVSS5.4AI score0.00886EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-28826

Malicious code in bioql PyPI...

8CVSS7.9AI score0.00432EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-8774

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.01412EPSS
Exploits0References1
OSV
OSV
added 2025/06/10 11:15 p.m.5 views

CVE-2025-26521

When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...

8.1CVSS9.3AI score
Exploits0References3
NVD
NVD
added 2024/04/16 12:15 a.m.20 views

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

7.5CVSS7.5AI score0.00457EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:15 a.m.22 views

CVE-2024-1666

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

5.3CVSS6.7AI score0.00457EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.18 views

CVE-2024-1666 Unauthorized Radar Creation in lunary-ai/lunary

In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result,...

7.5CVSS7.7AI score0.00457EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.4 views

Lunary 安全漏洞

Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary version 1.0.0 that stems from an authorization flaw in the application. An attacker exploiting the vulnerability could send a carefully crafted request directly to the server to bypass...

7.5CVSS7.5AI score0.00457EPSS
Exploits1References2
OSV
OSV
added 2024/04/10 5:15 p.m.15 views

CVE-2024-1599

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

6.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/06/17 4:45 a.m.6 views

CVE-2018-25044 uTorrent Guest Account privileges management

A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

6.3CVSS9AI score0.0093EPSS
Exploits1References3
CVE
CVE
added 2022/05/02 10:30 a.m.69 views

CVE-2022-23904

The CVE-2022-23904 entry describes a CSRF vulnerability in Rainworx Auctionworx prior to 3.1R2. Affected product version(s) allow an authenticated user to upgrade their own account to admin, enabling access to the Auctionworx admin control panel (Enterprise and Events Edition). Root cause is CSRF...

8CVSS7.8AI score0.00432EPSS
Exploits1References2Affected Software1
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2016:1024-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.3693EPSS
Exploits0References15
NVD
NVD
added 2019/08/12 4:15 p.m.18 views

CVE-2019-14947

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...

5.4CVSS5.4AI score0.00886EPSS
Exploits2References2
Prion
Prion
added 2019/08/12 4:15 p.m.15 views

Design/Logic Flaw

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...

3.5CVSS5.3AI score0.00886EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/08/12 3:27 p.m.15 views

CVE-2019-14947

The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade...

5.4AI score0.00886EPSS
Exploits2References2
CVE
CVE
added 2019/08/12 3:27 p.m.55 views

CVE-2019-14947

The CVE-2019-14947 entry concerns the WordPress plugin Ultimate Member (pre-2.0.52). The vulnerability is an XSS weakness triggered during an account upgrade, affecting the plugin’s handling of user input. Public references in the connected documents confirm the affected software and the nature o...

5.4CVSS5.3AI score0.00886EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder