
10 matches found

IBM Security Bulletins
added 2025/05/22 9:56 a.m. | 21 views

Security Bulletin: MANTA Automated Data Lineage is vulnerable to an authorization check bypass

Summary: Next.js is used by MANTA Automated Data Lineage as part of the UI. CVE-2025-29927. Vulnerability Details: CVEID: CVE-2025-29927. DESCRIPTION: Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and...

9.1 CVSS | 6.6 AI score | 0.99621 EPSS
Exploits: 58 | Affected Software: 1
CNVD
added 2025/04/18 12:0 a.m. | 3 views

SAP Netweaver Unauthorized Access Vulnerability

SAP NetWeaver is SAP's integrated technology platform. An unauthorized access vulnerability exists in SAP Netweaver that stems from an authorization check bypass and can be exploited by an attacker to gain unauthorized access to ABAP code...

4.3 CVSS | 6.3 AI score | 0.00323 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2024/06/28 6:0 a.m. | 11 views

CVE-2024-5570 Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update

The Simple Photoswipe WordPress plugin through 0.1 does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update them...

6.6 AI score | 0.00547 EPSS
Exploits: 2 | References: 1
CNNVD
added 2023/12/15 12:0 a.m. | 3 views

JetBrains YouTrack Security Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2023.3.22268, which...

4.3 CVSS | 6.7 AI score | 0.00448 EPSS
Exploits: 0 | References: 2
Huntr
added 2023/06/28 5:28 p.m. | 11 views

Incorrect Authorization to Stored XSS in Import User Role function

Description The application incorrectly checks user permissions, enabling the attacker to use the 'import file user roles' functionality, which contains a payload for executing JavaScript code, without requiring any specific privileges. Proof of Concept Step1: Even without the privilege to manage...

6.9 AI score
Exploits: 0
NVD
added 2022/05/02 4:15 p.m. | 12 views

CVE-2021-25002

The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data, which could be used to retrieve the client's full address, name and phone via tracking URL...

7.5 CVSS | 0.0147 EPSS
Exploits: 2 | References: 1
CVE
added 2022/01/27 12:27 p.m. | 55 views

CVE-2021-44792

CVE-2021-44792 affects Single Connect via the log-monitor module, where a missing authorization check allows a remote attacker to access the logging interface and potentially obtain sensitive information. The NVD entry lists CVSS v3.1 base score 5.3 (Network, Low attack complexity, no privileges...

5.3 CVSS | 5.2 AI score | 0.00993 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
WPVulnDB
added 2021/10/20 12:0 a.m. | 14 views

Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access

The plugin does not have a proper authorisation check in the sfimageid AJAX action, which could allow any authenticated user, such as a subscriber, to view the content and title of arbitrary posts, for example private, draft and password protected ones. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...

1.1 AI score
Exploits: 0 | Affected Software: 1
Cvelist
added 2021/05/26 6:3 p.m. | 27 views

CVE-2018-10865

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him...

7.6 AI score | 0.01034 EPSS
Exploits: 0 | References: 2
Cvelist
added 2021/05/10 2:35 p.m. | 23 views

CVE-2021-23014

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced WAF and ASM are missing authorization checks for file uploads to a specific directory within the REST API which might allow Authenticated users with guest privileges to upload files. Note: Software...

8.9 AI score | 0.00804 EPSS
Exploits: 0 | References: 1