Lucene search
K

72 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.16 views

CVE-2024-42411

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older...

5.3CVSS5.2AI score0.00291EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.13 views

CVE-2023-0575

External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...

9.8CVSS8.6AI score0.00776EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:7 a.m.11 views

CVE-2023-6835

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated...

5.3CVSS6.9AI score0.0052EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/07 12:20 a.m.21 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

8.1CVSS6.5AI score0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/05 12:0 a.m.10 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

4.2CVSS6.5AI score0.00232EPSS
Exploits0References1
CVE
CVE
added 2025/04/05 12:0 a.m.112 views

CVE-2025-32360

CVE-2025-32360 affects Zammad 6.4.x before 6.4.2, with information exposure allowing a logged-in customer to view details of shared article drafts for their tickets in the browser console and to manipulate them via the API. Root cause: exposure of draft details intended only for agents. Impact: p...

8.1CVSS6.5AI score0.00232EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/04/05 12:0 a.m.9 views

CVE-2025-32360

In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...

4.2CVSS6.4AI score0.00232EPSS
Exploits0References3
CVE
CVE
added 2025/04/03 4:31 p.m.64 views

CVE-2025-3167

CVE-2025-3167 affects Tenda AC23 (firmware 16.03.07.52) in the API Interface component, specifically the /goform/VerAPIMant path. The vulnerability stems from improper handling of the getuid parameter, and its manipulation can cause a denial of service. The issue can be triggered remotely, and pu...

7.5CVSS7.1AI score0.00783EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2025/03/17 5:1 p.m.14 views

Incorrect Authorization

Umbraco.Cms.Web.Backoffice is vulnerable to Incorrect Authorization. The vulnerability is due to improper access control due to manipulation of backoffice API URLs, allowing authenticated users to retrieve or delete restricted content...

6.4CVSS6.6AI score0.0028EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/03/15 7:11 a.m.13 views

BIT-GITLAB-2025-1257 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...

7.5CVSS6.2AI score0.0043EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/03/14 9:8 a.m.15 views

CVE-2025-27602

Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...

6.4CVSS6.5AI score0.0028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/13 6:0 a.m.12 views

CVE-2025-1257 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...

6.5CVSS6.2AI score0.0043EPSS
Exploits0References2
CVE
CVE
added 2025/03/13 6:0 a.m.137 views

CVE-2025-1257

Summary: CVE-2025-1257 affects GitLab Enterprise Edition (GitLab EE) and could allow a denial-of-service by manipulating certain API inputs. Affected ranges: all 12.3+ releases prior to 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. Impact: Availability impact (A) is explicitly high in C...

7.5CVSS6.2AI score0.0043EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/13 6:0 a.m.18 views

CVE-2025-1257 Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs...

6.5CVSS0.0043EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/12 12:0 a.m.2 views

PT-2025-11153 · Gitlab · Gitlab Ce/Ee

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.3 through 17.7.6 GitLab EE versions 17.8 through 17.8.4 GitLab EE versions 17.9 through 17.9.1 Description: An issue exists in GitLab EE that may allow a remote attacker to cause a denial of service condition by...

7.8CVSS6.2AI score0.0043EPSS
Exploits0References12
OSV
OSV
added 2025/03/11 3:32 p.m.10 views

CVE-2025-27602 Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content

Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...

4.9CVSS6.2AI score0.0028EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/07/11 4:0 p.m.40 views

CVE-2024-6680 witmy my-springsecurity-plus build sql injection

A vulnerability classified as critical was found in witmy my-springsecurity-plus up to 2024-07-04. Affected by this vulnerability is an unknown functionality of the file /api/dept/build. The manipulation of the argument params.dataScope leads to sql injection. The attack can be launched remotely...

6.5CVSS0.00473EPSS
Exploits0References3
NVD
NVD
added 2024/01/29 5:15 p.m.29 views

CVE-2024-0788

SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver...

6.6CVSS6AI score0.00236EPSS
Exploits0References2
Prion
Prion
added 2024/01/29 5:15 p.m.22 views

Code injection

SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver...

1.7CVSS7.5AI score0.00236EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/29 4:20 p.m.35 views

CVE-2024-0788 SUPERAntiSpyware Pro X v10.0.1260 - Kernel-level API parameters manipulation

SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver...

6.6CVSS6.2AI score0.00236EPSS
Exploits0References2
Rows per page
Query Builder