CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-6762

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00181EPSS

Exploits1References5

OSV•added 2024/05/27 11:15 p.m.•1 views

CVE-2024-36428

OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection...

8.1CVSS8.2AI score

Exploits0References2

Veracode•added 2022/09/30 2:57 a.m.•22 views

Privilege Escalation

github.com/bytebase/bytebase is vulnerable to privilege escalation. The vulnerability exists due to a lack of verification and validation of users allowing an attacker to access admin 'projects' at endpoint “/api/project?user=$userId”...

5AI score0.00181EPSS

Exploits1References3Affected Software1

OSV•added 2022/09/29 12:0 a.m.•15 views

GHSA-9MMC-27GW-W6MQ Bytebase allows low-privilege users to view admin projects

Overview The "Bytebase" application does not restrict low privilege user from accessing admin projects Details The "Bytebase" application does not restrict low privilege user from accessing admin projects for which an unauthorized user can view the "projects" created by "Admin". The affected...

4.3CVSS6.2AI score0.00181EPSS

Exploits1References4

Github Security Blog•added 2022/09/29 12:0 a.m.•18 views

Bytebase allows low-privilege users to view admin projects

4.3CVSS7AI score0.00181EPSS

Exploits1References4Affected Software1

OSV•added 2022/09/28 10:15 a.m.•17 views

CVE-2022-32170

The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=$userId”...

4.3CVSS6.8AI score0.00181EPSS

Exploits1References2

NVD•added 2022/09/28 10:15 a.m.•13 views

CVE-2022-32170

4.3CVSS0.00181EPSS

Exploits1References2

Vulnrichment•added 2022/09/28 9:30 a.m.•5 views

CVE-2022-32170 bytebase - Improper Authorization

6.8AI score0.00181EPSS

Exploits1References2

CVE•added 2022/09/28 9:30 a.m.•328 views

CVE-2022-32170

The CVE-2022-32170 entry concerns Bytebase. A low-privilege user can access admin-level projects via the endpoint /api/project?user=${userId} due to improper authorization. The description and connected sources confirm the affected software (Bytebase) and the vulnerability type (restricting acces...

4.3CVSS4.5AI score0.00181EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2022/09/28 12:0 a.m.•3 views

PT-2022-21133 · Bytebase · Bytebase

Name of the Vulnerable Software and Affected Versions: Bytebase affected versions not specified Description: The Bytebase application does not restrict low privilege users from accessing admin projects, allowing unauthorized users to view projects created by Admin. The affected endpoint is...

4.3CVSS6.2AI score0.00181EPSS

Exploits1References8

CNNVD•added 2022/09/28 12:0 a.m.•2 views

Bytebase 授权问题漏洞

Bytebase is Bytebase's open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. projects", which can be exploited by an attacker to view "projects" created by "Admin"...

4.3CVSS6.8AI score0.00181EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by