Lucene search
+L

6 matches found

Cvelist
Cvelist
added 2026/06/29 5:19 p.m.35 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/19 11:13 p.m.20 views

CVE-2026-32697 SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR)

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 8.9.3, the RecordHandler::getRecord method retrieves any record by module and ID without checking the current user's ACL view permission. The companion saveRecord method...

6.5CVSS0.00274EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

MiracleLinux 3 : bind-9.3.4-10.P1.3.1AXS3 (AXSA:2009-360:03)

"The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-360:03 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names ...

4.3CVSS6.2AI score0.12649EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2009/07/29 6:14 p.m.6 views

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

4.3CVSS6.7AI score0.12649EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2009/07/29 5:59 p.m.6 views

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

4.3CVSS6.7AI score0.12649EPSS
Exploits1References4
VulnCheck KEV
VulnCheck KEV
added 2009/07/29 12:0 a.m.6 views

VulnCheck KEV: CVE-2009-0696

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite...

4.3CVSS6.7AI score0.12649EPSS
Exploits1References1
Rows per page
Query Builder