Lucene search
K

61 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-24958

Malware in sbrugna...

5.5CVSS5.6AI score0.00203EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-54612

Malicious code in bioql PyPI...

4.2CVSS6.3AI score0.00594EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-29107

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.00357EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/09/16 4:32 a.m.18 views

CVE-2025-10389

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...

5.5CVSS6.6AI score0.00357EPSS
Exploits0References1
OSV
OSV
added 2025/09/14 4:15 a.m.4 views

CVE-2025-10389

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...

8.8CVSS6.8AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/14 4:2 a.m.5 views

CVE-2025-10389 CRMEB Administrator Password SystemAdminServices.php save improper authorization

A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be...

5.5CVSS6.4AI score0.00357EPSS
Exploits0References4
CVE
CVE
added 2025/09/14 4:2 a.m.23 views

CVE-2025-10389

CVE-2025-10389 affects CRMEB up to version 5.6.1. The vulnerability is in the Save function of app/services/system/admin/SystemAdminServices.php (Administrator Password Handler). Manipulating the ID argument can lead to improper authorization, with remote exploitation possible. Multiple sources c...

8.8CVSS6.4AI score0.00357EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/14 12:0 a.m.5 views

PT-2025-37399

Name of the Vulnerable Software and Affected Versions: CRMEB versions up to 5.6.1 Description: A security flaw exists in CRMEB due to improper authorization when manipulating the ID argument within the Save function of the app/services/system/admin/SystemAdminServices.php file, specifically in th...

5.5CVSS4.9AI score0.00357EPSS
Exploits0References8
OSV
OSV
added 2025/06/29 7:15 p.m.11 views

CVE-2025-6867

A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has...

7.2CVSS5.8AI score0.00333EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.4 views

SourceCodester Simple Company Website 安全漏洞

SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. A security vulnerability exists in SourceCodester Simple Company Website version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...

7.2CVSS5.5AI score0.00333EPSS
Exploits1References2
Veracode
Veracode
added 2025/06/05 6:7 a.m.11 views

Privilege Escalation

org.wso2.am, am-parent, org.wso2.is, identity-server-parent are vulnerable to privilege escalation. The vulnerability is due to improper validation and access control in the SOAP admin services, which allows attackers to assign elevated privileges to self-registered users under specific deploymen...

5.4CVSS6.7AI score0.00594EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2025/06/02 5:15 p.m.23 views

CVE-2024-7074

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an...

6.8CVSS0.09756EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/02 4:42 p.m.15 views

CVE-2024-7074 Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an...

6.8CVSS7.1AI score0.09756EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/02 4:38 p.m.42 views

CVE-2024-7073 Unauthenticated Server-Side Request Forgery (SSRF) in Multiple WSO2 Products via SOAP Admin Services

A server-side request forgery SSRF vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the networ...

6.5CVSS0.00187EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/30 3:30 p.m.4 views

Incorrect Authorization

Overview org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw ...

5.4CVSS6.8AI score0.00594EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/30 3:30 p.m.2 views

Incorrect Authorization

Overview org.wso2.am:am-parent is a WSO2 API Manager - Aggregator Module Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw in SOAP admin services. An attacker can create a new user with elevated permissions by exploiting accessible SOAP admin...

5.4CVSS6.9AI score0.00594EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/05/30 3:30 p.m.24 views

WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

5.4CVSS6.9AI score0.00594EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2025/05/30 3:30 p.m.9 views

GHSA-J63J-7R7R-5V4J WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

4.2CVSS7.2AI score0.00594EPSS
Exploits0References3
NVD
NVD
added 2025/05/30 3:15 p.m.64 views

CVE-2024-7096

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

5.4CVSS0.00594EPSS
Exploits0References1
OSV
OSV
added 2025/05/30 3:15 p.m.4 views

CVE-2024-7096

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

5.4CVSS6.7AI score
Exploits0References1
Rows per page
Query Builder