
88 matches found

NVD
added 2026/04/16 1:16 a.m. · 4 views

CVE-2026-40502

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

CVSS 8.8 · EPSS 0.01687
Exploits: 1 · References: 3

EUVD
added 2026/04/16 12:8 a.m. · 4 views

EUVD-2026-23141

OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient distinction between local-only and remote-safe commands in the gateway handler. Attackers can...

CVSS 8.8 · AI score 6 · EPSS 0.01687
Exploits: 1 · References: 3

CVE
added 2026/04/16 12:8 a.m. · 10 views

CVE-2026-40502

OpenHarness (before commit dd1d235) contains a remote command-injection in the gateway handler that lets remote gateway users with chat access execute administrative commands (e.g., /permissions full_auto) to alter a running instance without operator authorization. The CVSS metrics indicate a net...

CVSS 8.8 · AI score 6 · EPSS 0.01687
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2026/01/13 11:16 p.m. · 4 views

CVE-2023-54340

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

CVSS 8.2 · AI score 5.9 · EPSS 0.00296
Exploits: 0 · References: 3

NVD
added 2025/10/07 1:15 p.m. · 4 views

CVE-2025-3719

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...

CVSS 8.1 · EPSS 0.00244
Exploits: 0 · References: 1

Vulnrichment
added 2025/10/07 12:34 p.m. · 1 view

CVE-2025-3719 Incorrect authorization for CLI in Guardian/CMC before 25.2.0

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...

CVSS 8.1 · AI score 6.3 · EPSS 0.00244
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2016-10303

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.02214
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2023-32591

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 7 · EPSS 0.00146
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2021-8688

Malicious code in bioql PyPI...

CVSS 9.6 · AI score 7.1 · EPSS 0.01469
Exploits: 4 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2022-48187

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.01183
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 17 views

EUVD-2025-21715

Malicious code in bioql PyPI...

CVSS 8.7 · AI score 6.6 · EPSS 0.00325
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-37606

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.03501
Exploits: 1 · References: 1

RedhatCVE
added 2025/07/18 5:58 p.m. · 17 views

CVE-2025-53943

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

CVSS 8.7 · AI score 7 · EPSS 0.00325
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/16 4:7 p.m. · 5 views

CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

CVSS 8.7 · AI score 7.6 · EPSS 0.00325
Exploits: 0 · References: 2

Cvelist
added 2025/07/16 4:7 p.m. · 12 views

CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

CVSS 8.7 · EPSS 0.00325
Exploits: 0 · References: 2

CVE
added 2025/07/16 4:7 p.m. · 16 views

CVE-2025-53943

VoidBot Open-Source (Discord bot) versions 0.0.1–0.8.1 have a vulnerability in the command handler where permission checks are not properly enforced, allowing users without required roles/privileges to execute sensitive admin commands (ban, kick, shutdown). The root cause is insufficient access c...

CVSS 8.7 · AI score 7 · EPSS 0.00325
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 10:0 p.m. · 7 views

CVE-2022-45287

An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands...

CVSS 8.8 · AI score 7.1 · EPSS 0.01183
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 9:31 p.m. · 5 views

CVE-2021-21382

Restund is an open source NAT traversal server. The restund TURN server can be instructed to open a relay to the loopback address range. This allows you to reach any other service running on localhost which you might consider private. In the configuration that we ship...

CVSS 9.6 · AI score 6.8 · EPSS 0.01469
Exploits: 1 · References: 1

CNNVD
added 2024/09/25 12:0 a.m. · 5 views

WatchGuard Authentication Gateway Security Vulnerability

WatchGuard Authentication Gateway WatchGuard Single Sign-On Agent is an authentication gateway from WatchGuard USA. A security vulnerability exists in WatchGuard Authentication Gateway version 12.10.2 and earlier, which stems from improper authorization checking and allows an attacker with networ...

CVSS 9.1 · AI score 7.2 · EPSS 0.00518
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/25 12:0 a.m. · 3 views

PT-2023-26176 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator versions prior to 1.9.2 Description: The issue affects data encryption software for cloud storage, allowing local privilege escalation for low-privileged users if the software is already installed. This occurs because the repair...

CVSS 7.8 · AI score 7.7 · EPSS 0.00194
Exploits: 1 · References: 6