Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/04/27 12:47 p.m.33 views

CVE-2025-15626 Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application

Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application...

5.3CVSS0.0022EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.5 views

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper...

8.6CVSS5.9AI score0.00521EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-8673

Malware in sbrugna...

8.8CVSS8.8AI score0.01578EPSS
Exploits0References4
OSV
OSV
added 2025/08/13 5:28 p.m.11 views

CVE-2024-10219 Incorrect Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users to bypass access controls and download private artifacts by accessing specific API endpoints...

6.5CVSS6.3AI score0.00398EPSS
Exploits0References5
OSV
OSV
added 2022/12/22 9:15 p.m.3 views

CVE-2022-43858

IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks by modifying a parameter thereby gaining access to their...

4.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2017/04/28 4:59 p.m.2 views

CVE-2017-2095

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors...

4.3CVSS5.8AI score0.01206EPSS
Exploits0References3
OSV
OSV
added 2016/02/03 6:59 p.m.3 views

DEBIAN-CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

7.5CVSS6.9AI score0.01708EPSS
Exploits0References1
Rows per page
Query Builder