Lucene search
+L

229 matches found

Github Security Blog
Github Security Blog
added 2024/11/04 11:23 p.m.25 views

Access control vulnerable to user data deletion by anonynmous users

Impact Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. Patches The problem is fixed in version 7.2. Workarounds The problem can be fixed by adding dataroles = to AccessControl.userfolder.UserFolder. References...

8.7CVSS6.6AI score0.00413EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2024/11/04 10:25 p.m.13 views

CVE-2024-51734 User data deletion by anoynmous users in Zope

Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. This problem has been fixed in version 7.2. Users are advised to...

8.7CVSS6.3AI score0.00413EPSS
Exploits0References2
GitLab Advisory Database
GitLab Advisory Database
added 2024/11/04 12:0 a.m.54 views

Access control vulnerable to user data deletion by anonynmous users

Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access...

8.7CVSS7AI score0.00413EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/10/30 5:11 p.m.8 views

DRUPAL-CONTRIB-2024-056

Integrates your Drupal website with the Oh Dear monitoring app. Cached data of monitoring results is accessible to non-logged in users when caching is enabled on the module. This vulnerability is mitigated by the fact that it only affects sites where caching is enabled for OhDear report healthche...

5.3CVSS6.8AI score0.00297EPSS
Exploits0References1
OSV
OSV
added 2024/03/25 7:15 a.m.4 views

CVE-2024-2862

This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant...

9.8CVSS5.8AI score0.51001EPSS
Exploits0References1
CVE
CVE
added 2024/03/25 6:31 a.m.82 views

CVE-2024-2862

LG LED Assistant exposes an unauthenticated password-reset vulnerability (CVE-2024-2862). The Nuclei template details an endpoint: /api/changePw that accepts requests from localhost and can be triggered by spoofing X-Forwarded-For: 127.0.0.1 to obtain a success response, enabling password resets ...

9.8CVSS9.4AI score0.51001EPSS
In wildExploits0References1Affected Software1
NVD
NVD
added 2024/03/18 10:15 p.m.30 views

CVE-2024-28865

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...

7.5CVSS7.5AI score0.00605EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/18 9:53 p.m.40 views

CVE-2024-28865 django-wiki denial of service via regular expression

django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to crea...

7.5CVSS7.7AI score0.00605EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 8:37 p.m.20 views

GHSA-WJ85-W4F4-XH8H Denial of service via regular expression

Impact All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. Patches Workarounds Close off access to create and edit articles by anonymous users. References Are there any links...

7.5CVSS7.4AI score0.00605EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/18 8:37 p.m.31 views

Denial of service via regular expression

Impact All historical installations of django-wiki are vulnerable to maliciously crafted article content, that can cause severe use of server CPU through a regular expression loop. Patches Workarounds Close off access to create and edit articles by anonymous users. References Are there any links...

7.5CVSS6.6AI score0.00605EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.8 views

PT-2024-22614

Name of the Vulnerable Software and Affected Versions django-wiki versions prior to 0.10.1 Description The issue allows maliciously crafted article content to cause severe use of server CPU through a regular expression loop. This can be exploited by anonymous users creating or editing articles. T...

7.5CVSS7AI score0.00605EPSS
Exploits0References11
WPVulnDB
WPVulnDB
added 2024/03/08 12:0 a.m.14 views

EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite

Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savefrontendeventsubmission function in all versions up to, and including, 3.4.2. This makes it possible for...

6.5CVSS6.7AI score0.0041EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/06 10:53 a.m.19 views

BIT-DISCOURSE-2023-44391 Prevent unauthorized access to summary details in Discourse

Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hideuserprofilesfrompublic is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no know...

5.3CVSS5.4AI score0.0041EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:51 a.m.33 views

BIT-DRUPAL-2023-5256 Drupal core - Critical - Cache poisoning - SA-CORE-2023-006

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

7.5CVSS7.2AI score0.00694EPSS
Exploits2References2
OSV
OSV
added 2024/02/29 1:43 a.m.8 views

CVE-2024-1472

The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...

5.3CVSS7.3AI score0.00461EPSS
Exploits0References2
OSV
OSV
added 2024/02/23 9:15 a.m.5 views

CVE-2024-0563

Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...

6.5CVSS5.8AI score0.00706EPSS
Exploits0References3
Prion
Prion
added 2024/02/23 9:15 a.m.18 views

Denial of service

Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...

4CVSS7AI score0.00706EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/23 8:52 a.m.27 views

CVE-2024-0563 Denial of service condition in M-Files Server

Denial of service condition in M-Files Server in versions before 24.2 excluding 23.2 SR7 and 23.8 SR5 allows anonymous user to cause denial of service against other anonymous users...

4.3CVSS5AI score0.00706EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/16 3:56 p.m.11 views

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

7.4AI score0.00702EPSS
Exploits2References1
NVD
NVD
added 2023/09/28 7:15 p.m.19 views

CVE-2023-5256

In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled,...

7.5CVSS7.4AI score0.00694EPSS
Exploits2References1
Rows per page
Query Builder