Lucene search
K

65 matches found

CNVD
CNVD
added 2024/05/09 12:0 a.m.2 views

Command Execution Vulnerability in Yisetong Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-24396)

Yisetong electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic...

8AI score
Exploits0
Cvelist
Cvelist
added 2024/03/14 3:4 a.m.36 views

CVE-2024-1223 Improper authorization controls in PaperCut NG/MF

This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in ...

4.8CVSS5.2AI score0.00445EPSS
Exploits0References1
Prion
Prion
added 2024/03/13 4:15 p.m.25 views

Authorization

The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log...

5CVSS7.2AI score0.50192EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:22 a.m.19 views

BIT-GITLAB-2020-13313

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...

4.3CVSS4.4AI score0.00981EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2024/02/26 12:0 a.m.17 views

Relevanssi < 4.22.1 - Unauthenticated Query Log Export

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the relevanssiexportlogcheck function, allowing unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper...

5.3CVSS7.1AI score0.50192EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.12 views

Lender can cause unintended behavior for the borrower's transaction

Lines of code Vulnerability details This vulnerability comes in the form of when a borrower wants to remove a lender as a both deposit and withdraw and set them as a withdraw only, to avoid paying more interest on their funds in the market, this plan may not go as planned, based on the nature of...

6.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.3 views

SUSE CVE-2019-13057

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN database admin privileges for certain databases but wants to maintain isolation e.g., for multi-tenant deployments, slapd does not properly stop a rootDN from requesting authorization a...

5.3CVSS6.9AI score0.0321EPSS
Exploits0References49
NVD
NVD
added 2022/12/28 2:15 p.m.24 views

CVE-2022-4803

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1...

8.8CVSS0.00811EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/11/18 12:0 a.m.16 views

Debian: Security Advisory (DLA-3197-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.01055EPSS
Exploits0References4
Debian
Debian
added 2022/11/17 4:49 p.m.48 views

[SECURITY] [DLA 3198-1] php-phpseclib security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3198-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler November 17, 2022 https://wiki.debian.org/LTS -...

7.5CVSS7.4AI score0.01055EPSS
Exploits0
Cvelist
Cvelist
added 2022/09/08 2:45 p.m.35 views

CVE-2022-36090 org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users

XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive not yet activated or disabled users in XWiki, including the REST service. This means a disabled user can enable themselv...

8.1CVSS8.2AI score0.00916EPSS
Exploits1References3
NVD
NVD
added 2021/12/07 2:15 p.m.15 views

CVE-2021-42126

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation...

8.8CVSS0.03872EPSS
Exploits0References1
Prion
Prion
added 2021/12/07 2:15 p.m.15 views

Authorization

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation...

6.5CVSS8.6AI score0.03872EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/12/07 1:12 p.m.21 views

CVE-2021-42126

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation...

8.8AI score0.03872EPSS
Exploits0References1
NVD
NVD
added 2021/05/19 8:15 p.m.18 views

CVE-2020-4646

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control...

4.3CVSS0.00727EPSS
Exploits0References2
CVE
CVE
added 2021/05/19 7:40 p.m.63 views

CVE-2020-4646

CVE-2020-4646 affects IBM Sterling B2B Integrator Standard Edition: 5.2.0.0–5.2.6.5, 6.0.0.0–6.0.3.3, and 6.1.0.0–6.1.0.2. An authenticated user could view pages they should not access due to improper authorization controls. IBM confirms remediation: upgrade to 5.2.6.5_4 (5.2.x), 6.0.3.4 (6.0.x),...

4.3CVSS4.4AI score0.00727EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2020/09/16 4:15 p.m.13 views

Authorization

A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...

6.5CVSS8.7AI score0.01183EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/14 8:15 p.m.24 views

CVE-2020-13313

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...

4.3CVSS0.00981EPSS
Exploits0References3
CVE
CVE
added 2020/09/14 7:40 p.m.65 views

CVE-2020-13313

GitLab CVE-2020-13313 affects GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The root cause is an Authorization flaw that allows an unauthorized project maintainer to edit subgroup badges due to missing access controls. Impact is limited to modification of subgroup badges by unauthorized user...

4.3CVSS4.4AI score0.00981EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/09/14 7:40 p.m.27 views

CVE-2020-13313

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control...

4.3CVSS4.6AI score0.00981EPSS
Exploits0References3
Rows per page
Query Builder