39 matches found

Positive Technologies
added 2025/05/12 12:0 a.m. · 3 views

PT-2025-26717

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.5; macOS Sequoia versions prior to 15.5. Description: A flaw allows a website to potentially spoof the domain name displayed in a pop-up window's title bar. This occurs due to improved truncation when displaying the...

CVSS 4.3 · AI score 6.3 · EPSS 0.00192
Exploits 0 · References 9
RedhatCVE
added 2025/05/03 7:15 p.m. · 17 views

CVE-2025-3517

Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username...

CVSS 6.3 · AI score 7.2 · EPSS 0.00267
Exploits 0 · References 1
RedhatCVE
added 2025/05/02 1:17 p.m. · 15 views

CVE-2025-3395

Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0...

CVSS 8.4 · AI score 7 · EPSS 0.00084
Exploits 0 · References 3
RedhatCVE
added 2025/03/22 1:5 p.m. · 6 views

CVE-2024-10359

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

CVSS 4.6 · AI score 6.8 · EPSS 0.00348
Exploits 1 · References 1
BDU FSTEC
added 2025/03/21 12:0 a.m. · 7 views

The vulnerability of the dmirror_device_evict_chunk() function in the lib/test_hmm.c module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the dmirror_device_evict_chunk() function in the lib/test_hmm.c module of the Linux operating system is related to the assignment of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 7.5 · AI score 6.4 · EPSS 0.00241
Exploits 0 · References 15 · Affected Software 5
NVD
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-10359

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

CVSS 4.6 · EPSS 0.00348
Exploits 1 · References 2
Vulnrichment
added 2025/02/04 8:40 p.m. · 12 views

CVE-2024-45657 IBM Security Verify Access incorrect privilege assignment

IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment...

CVSS 5 · AI score 4.9 · EPSS 0.0014
Exploits 0 · References 1
Cvelist
added 2025/01/02 4:7 p.m. · 16 views

CVE-2024-11716

While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...

CVSS 5.3 · EPSS 0.11659
Exploits 0 · References 5
Tenable Nessus
added 2024/11/23 12:0 a.m. · 4 views

CBL Mariner 2.0 Security Update: postgresql (CVE-2024-10978)

The version of postgresql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10978 advisory. - Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change...

CVSS 4.2 · AI score 6.4 · EPSS 0.00705
Exploits 0 · References 2
CNNVD
added 2024/04/10 12:0 a.m. · 5 views

AnythingLLM Security Vulnerability

AnythingLLM is a document chatbot that meets business requirements. A security vulnerability exists in AnythingLLM that stems from allowing users with the Manager role to escalate their privileges to the Administrator role via a bulk assignment issue...

CVSS 7.2 · AI score 7 · EPSS 0.0095
Exploits 1 · References 3
OSV
added 2024/03/04 10:15 p.m. · 4 views

CVE-2024-1936

The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third-party. Whil...

CVSS 7.5 · AI score 7.5
Exploits 0 · References 3
Positive Technologies
added 2023/04/03 12:0 a.m. · 6 views

PT-2023-2236 · Hitachi Vantara · Hitachi Vantara Pentaho Business Analytics Server

Name of the Vulnerable Software and Affected Versions: Hitachi Vantara Pentaho Business Analytics Server versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x Description: The issue is related to errors in permission assignment for files, which can allow a remote attacker to execute arbitrary...

CVSS 9 · AI score 8.7 · EPSS 0.22179
Exploits 0 · References 5
Prion
added 2023/03/22 2:15 p.m. · 8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

AI score 7
Exploits 0
OSV
added 2022/05/24 5:27 p.m. · 4 views

GHSA-C7RM-W2HJ-X8G3 Guard bypass in Eloquent models affecting Laravel illuminate database component

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database component in some situations in which table names are stripped during a mass assignment...

CVSS 7.5 · AI score 7.4 · EPSS 0.01203
Exploits 0 · References 4
Prion
added 2022/01/14 5:15 p.m. · 8 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...

AI score 7
Exploits 0
NVD
added 2021/08/27 7:15 p.m. · 24 views

CVE-2021-28696

IOMMU page mapping issues on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...

CVSS 6.8 · EPSS 0.00361
Exploits 0 · References 9
Prion
added 2019/08/30 4:15 p.m. · 4 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none...

AI score 7
Exploits 0
CNVD
added 2016/08/02 12:0 a.m. · 5 views

IBM QRadar SIEM Incorrect Privilege Assignment Local Elevation of Privilege Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. IBM QRadar SIEM...

CVSS 3.3 · AI score 6.3 · EPSS 0.00271
Exploits 0 · References 1
Debian
added 2002/10/09 2:35 p.m. · 14 views

[SECURITY] [DSA 173-1] New bugzilla packages fix privilege escalation

Debian Security Advisory DSA 173-1 · [email protected] · http://www.debian.org/security/ · Martin Schulze · October 9th, 2002 · http://www.debian.org/security/faq ...

AI score 7.2
Exploits 0