Lucene search
+L

401 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:43 p.m.4 views

CVE-2021-39413

Multiple Cross Site Scripting XSS vulnerabilities exits in SEO Panel v4.8.0 via the 1 totime parameter in a backlinks.php, b analytics.php, c log.php, d overview.php, e pagespeed.php, f rank.php, g review.php, h saturationchecker.php, i socialmedia.php, and j reports.php; the 2 fromtime parameter...

6.1CVSS6.4AI score0.0081EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:32 a.m.11 views

CVE-2019-14969

Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService which writes to that directory does not perform proper impersonation, and thus the target file will have the same...

7.8CVSS7.4AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:17 a.m.8 views

CVE-2019-7553

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has Stored XSS in the Profile Update page via the My Name field...

5.4CVSS6AI score0.00653EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/04/17 2:38 p.m.13 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

6.5CVSS5.8AI score0.00648EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/04/17 2:32 p.m.18 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

6.5CVSS5.8AI score0.00648EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/04/01 1:6 p.m.7 views

org.wildfly.core:wildfly-server: Wildfly improper RBAC permission

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

6.5CVSS5.8AI score0.00648EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/02/05 3:36 a.m.6 views

CVE-2024-45592

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

8.2CVSS6.9AI score0.00421EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/04 7:28 p.m.32 views

CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS8.7AI score0.00604EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 7:28 p.m.101 views

CVE-2025-24968

CVE-2025-24968 — reNgine is affected by an unrestricted project deletion vulnerability. According to PT Security and Red Hat entries, attackers with specific roles (e.g., penetration tester , auditor ) can delete all projects, potentially enabling a complete system takeover via redirection to the...

8.8CVSS6.8AI score0.00604EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/02/04 7:28 p.m.14 views

CVE-2025-24968 Business Logic And Unrestricted Project Deletion Lead To Take Over the System in reNgine

reNgine is an automated reconnaissance framework for web applications. An unrestricted project deletion vulnerability allows attackers with specific roles, such as penetrationtester or auditor to delete all projects in the system. This can lead to a complete system takeover by redirecting the...

8.8CVSS6.7AI score0.00604EPSS
Exploits1References3
Snyk
Snyk
added 2025/01/30 3:31 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the execute functions in ServerSuspendHandler.java and ServerResumeHandler.java, which do not perform sufficient checks for the authorization of the running user. This allows a user with the Monitor or Auditor...

7.1CVSS6.9AI score0.00648EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/01/30 3:15 p.m.4 views

CVE-2025-23367

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

6.5CVSS5.4AI score0.00648EPSS
Exploits0References13Affected Software14
OSV
OSV
added 2025/01/09 8:15 p.m.6 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

6.5CVSS5.8AI score0.00325EPSS
Exploits1References2
NVD
NVD
added 2025/01/09 8:15 p.m.23 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

6.5CVSS0.00325EPSS
Exploits1References2
CVE
CVE
added 2025/01/09 12:0 a.m.69 views

CVE-2024-56114

CVE-2024-56114 affects Canlineapp Online 1.1 and is due to Broken Access Control in the create-audit-template feature. The underlying issue is improper authorization checks that allow users with the Auditor role to perform a task intended for the Supervisor role. Documented impact: auditors can c...

6.5CVSS7.2AI score0.00325EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/09 12:0 a.m.9 views

CVE-2024-56114

Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...

6.6AI score0.00325EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2024/11/11 12:0 a.m.4 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: This release further fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/11/10 12:0 a.m.5 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: This release has fixed some CVE Reports reported by a third party security auditor and we recommend everybody to update to the latest version as soon as possible...

7.4AI score
Exploits0References1
NVD
NVD
added 2024/09/10 4:15 p.m.33 views

CVE-2024-45592

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

8.2CVSS0.00421EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/10 4:0 p.m.12 views

CVE-2024-45592 auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

8.2CVSS8.2AI score0.00421EPSS
Exploits0References3
Rows per page
Query Builder