Lucene search
+L

229 matches found

OSV
OSV
added 2022/11/30 3:28 p.m.3 views

DRUPAL-CONTRIB-2022-061

Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...

6.5AI score
Exploits0References1
Drupal
Drupal
added 2022/11/30 12:0 a.m.18 views

Open Social - Moderately critical - Access bypass - SA-CONTRIB-2022-061

Social Flexible Group is an Open Social extension that allows users to create groups with many different configurations. In specific uncommon scenarios, where a platform doesn't have any flexible groups with the "Group members only secret" visibility, community groups are visible to anonymous use...

6.3AI score
Exploits0References9
Cvelist
Cvelist
added 2022/10/27 4:53 p.m.29 views

CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications

It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...

6.5CVSS6.8AI score0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/27 4:53 p.m.5 views

CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications

It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...

6.5CVSS6.6AI score0.00361EPSS
Exploits0References2
0day.today
0day.today
added 2022/07/31 12:0 a.m.251 views

Transposh WordPress Translation 1.0.7 Incorrect Authorization Vulnerability

Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users ...

5.3CVSS0.4AI score0.03644EPSS
Exploits6
CNNVD
CNNVD
added 2022/07/29 12:0 a.m.12 views

WordPress plugin Transposh WordPress Translation 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Transposh WordPress...

5.3CVSS6.8AI score0.03644EPSS
Exploits6References9
Wired Threat Level
Wired Threat Level
added 2022/07/14 11:0 a.m.16 views

A New Attack Can Unmask Anonymous Users on Any Major Browser

Researchers have found a way to use the web's basic functions to identify who visits a site—without the user detecting the hack...

3.6AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/07/08 12:0 a.m.37 views

Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification

The Google Login Plugin versions 1.0 and 1.1 allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification...

6.5CVSS6.2AI score0.00641EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 3:53 a.m.3 views

GHSA-3269-JQP5-V8C9 Jenkins allows for Privilege Escalation by Remote Authenticated Users

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users...

6.9CVSS7.3AI score0.02346EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/17 3:7 a.m.34 views

Django Reuses Cached CSRF Token

The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users...

5CVSS7AI score0.0199EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2022/05/13 1:36 a.m.17 views

GHSA-58F3-CX8P-H8JG Drupal core access bypass vulnerability

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5CVSS6.5AI score0.01947EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/13 1:36 a.m.22 views

Drupal core access bypass vulnerability

In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not...

6.5CVSS6.4AI score0.01947EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2022/05/01 7:16 a.m.5 views

GHSA-5HCH-V5PQ-X4QP Plone allows anonymous users to reset any users password through the web via Password Reset Tool

Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."...

9.3CVSS6.4AI score0.01003EPSS
Exploits0References5
OSV
OSV
added 2022/04/30 6:19 p.m.15 views

GHSA-7944-H5RW-QMJX ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

7.5CVSS6.6AI score0.01427EPSS
Exploits0References6
Prion
Prion
added 2022/04/14 10:15 p.m.23 views

Design/Logic Flaw

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous i.e. not logged in users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issu...

5CVSS4.9AI score0.00976EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/14 9:15 p.m.10 views

CVE-2022-24824 Anonymous user cache poisoning in discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous i.e. not logged in users, such that the users are shown the crawler view of the site instead of the HTML page. This can lead to a partial denial-of-service. This issu...

5.3CVSS4.8AI score0.00976EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/14 12:0 a.m.6 views

PT-2022-16903 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue affects Discourse, an open source platform for community discussion. An attacker can poison the cache for anonymous users, causing them to se...

5.3CVSS5AI score0.00976EPSS
Exploits0References7
Huntr
Huntr
added 2022/02/17 5:42 a.m.14 views

Improper Privilege Management in rhizome-conifer/conifer

Description In admincontroller.py file, all APIs will perform user permission checks using adminview function to avoid access from low-level users. However, this does not apply to API /api/v1/admin/defaults. Anonymous users can change maxsize configuration which prevents other users from creating...

1.3AI score
Exploits0
Cvelist
Cvelist
added 2021/12/01 7:40 p.m.26 views

CVE-2021-43794 Anonymous user cache poisoning via development-mode header in Discourse

Discourse is an open source discussion platform. In affected versions an attacker can poison the cache for anonymous i.e. not logged in users, such that the users are shown a JSON blob instead of the HTML page. This can lead to a partial denial-of-service. This issue is patched in the latest...

5.3CVSS5.1AI score0.01016EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.4 views

Discourse 安全漏洞

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A security vulnerability exists in Discourse, which could be exploited by attackers to poison the cache of anonymous i.e., not logged in users, resulting in a partial denial o...

5.3CVSS5.6AI score0.01016EPSS
Exploits0References3
Rows per page
Query Builder