Lucene search
K

33 matches found

CNNVD
CNNVD
added 2026/04/18 12:0 a.m.10 views

Movary 安全漏洞

Movary is a film review program developed by Lee Peuker personally. Versions of Movary prior to 0.71.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the routing definitions for the user management endpoint/settings/users did not enforce the use of only...

8.8CVSS5.8AI score0.00441EPSS
Exploits1References2
Veracode
Veracode
added 2026/04/04 5:28 a.m.8 views

Privilege Escalation

LiteLLM is vulnerable to Privilege Escalation. The vulnerability is due to missing admin authorization checks on the /config/update endpoint, which allows an authenticated attacker to modify configurations, execute arbitrary code, and access sensitive data...

8.8CVSS6AI score0.26409EPSS
Exploits2References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/30 6:52 p.m.7 views

OpenClaw: Gateway operator.write Can Reach Admin-Class Channel Allowlist Persistence via chat.send

Fixed in OpenClaw 2026.3.24, the current shipping release. Summary The shared /allowlist command persists channel authorization config through writeConfigFile... but does not re-validate gateway client scopes for internal gateway callers. Because chat.send is intentionally reachable to...

7.1CVSS5.9AI score0.00264EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.4 views

PT-2026-27187

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 26.1 Description AVideo is an open source video platform. Versions up to and including 26.0 lack authentication and authorization checks on the plugin/AD Server/reports.json.php endpoint. This allows unauthenticated...

5.3CVSS5.8AI score0.00315EPSS
Exploits1References5
NVD
NVD
added 2026/03/11 9:16 p.m.4 views

CVE-2026-32126

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, an inverted boolean condition in ControllerRouter::route causes the admin/super ACL check to be enforced only for controllers that already have their own internal authorizati...

8.1CVSS0.00261EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/09 7:54 p.m.14 views

OpenClaw: `operator.write` chat.send could reach admin-only config writes

Summary A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions - Package: openclaw npm - Latest published vulnerable...

5.8AI score
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.17 views

WordPress plugin User Submitted Posts – Enable Users to Submit Posts from the Front End 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

5.3CVSS5.8AI score0.00345EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.16 views

CVE-2026-1103

CVE-2026-1103 affects the WordPress AIKTP plugin up to version 5.0.04. The vulnerability arises from missing authorization checks on the /aiktp/getToken REST endpoint, which uses verify_user_logged_in (only confirming login) and does not verify administrative capabilities. As a result, authentica...

5.4CVSS5.5AI score0.00239EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

AVideo 安全漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0 that stems from a lack of ownership or administrative privilege checks on endpoints, which could cause a user with upload privileges to modi...

8.1CVSS6.9AI score0.00238EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

lunary 访问控制错误漏洞

Lunary is Lunary open source a production toolkit for LLM . A security vulnerability exists in lunary that stems from a user-created endpoint that does not restrict administrators from inviting users with billing roles, which can be exploited by an attacker to cause unauthorized access...

7.3CVSS7.2AI score0.00525EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/01/27 9:15 p.m.4 views

CVE-2023-0555

The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those...

7.6CVSS6.2AI score0.00602EPSS
Exploits1References4
CNVD
CNVD
added 2018/02/05 12:0 a.m.3 views

Override Access Vulnerability in Tianrongxin Network Management System

TIANRONGXIN Network Defender Network Management System is a comprehensive network management system that realizes comprehensive management of network devices, servers, links, security devices, power supply, server room environment, and terminal PCs. The Tianrongxin Network Defender Network...

6.7AI score
Exploits0
OSV
OSV
added 2015/12/29 10:59 p.m.2 views

DEBIAN-CVE-2015-8467

The samldbcheckuseraccountcontrolacl function in dsdb/samdb/ldbmodules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass...

7.5CVSS7.4AI score0.03131EPSS
Exploits0References1
Rows per page
Query Builder