Lucene search
+L

50 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-54316

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00268EPSS
Exploits1References2
Wallarm Lab
Wallarm Lab
added 2025/10/02 11:0 a.m.5 views

API Attack Awareness: Broken Object Level Authorization (BOLA) – Why It Tops the OWASP API Top 10

For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re starting with Broken Object Level Authorization BOLA. BOLA vulnerabilities top the OWASP API Top Ten. And for good reason: they’re...

6.7AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2025/03/31 12:25 p.m.9 views

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication BOLA and broken function-level authentication BFLA, remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...

8.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/29 12:25 a.m.20 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS7.1AI score0.00237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/29 12:24 a.m.19 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS7.1AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/03/27 8:15 p.m.17 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS0.00237EPSS
Exploits1References2
NVD
NVD
added 2025/03/27 7:15 p.m.25 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.4CVSS0.00268EPSS
Exploits1References2
NVD
NVD
added 2025/03/27 7:15 p.m.14 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS0.00289EPSS
Exploits1References2
CVE
CVE
added 2025/03/27 12:0 a.m.85 views

CVE-2024-55072

CVE-2024-55072 affects hay-kot Mealie v2.2.0. The issue is Broken Object Level Authorization in the /api/users/{user-id} endpoint, allowing a user to edit their own profile to grant themselves more permissions or alter their household. The root cause is improper access control on user objects, en...

5.4CVSS5.5AI score0.00268EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/03/27 12:0 a.m.90 views

CVE-2024-55073

Vulnerability overview (CVE-2024-55073): hay-kot mealie v2.2.0 has a Broken Object Level Authorization on the /api/users/{user-id} endpoint that lets a user edit their own profile to grant more permissions or change their household. Root cause: improper enforcement of access controls on user-id s...

7.6CVSS7.4AI score0.00289EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.7 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.9AI score0.00237EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.10 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.4AI score0.00289EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.10 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.5AI score0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.13 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

0.00237EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.22 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00268EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/27 12:0 a.m.25 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

0.00289EPSS
Exploits1References2
CVE
CVE
added 2025/03/27 12:0 a.m.57 views

CVE-2024-55070

CVE-2024-55070 affects hay-kot mealie v2.2.0. The vulnerability is a Broken Object Level Authorization in the component at /households/permissions, enabling group managers to edit their own permissions. Documented impact is limited to this privilege escalation vector (group managers changing thei...

3.1CVSS6.5AI score0.00237EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/03/27 12:0 a.m.10 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.4CVSS6.7AI score0.00268EPSS
Exploits1References4
Veracode
Veracode
added 2025/01/23 1:58 p.m.13 views

Broken Object Level Authorization

Indico is vulnerable to a Broken Object Level Authorization BOLA vulnerability. The vulnerability is due to insufficient access control in the /api/principals component, which allows attackers to retrieve information about other user accounts by sending crafted POST requests...

7.5CVSS6.7AI score0.00603EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/01/16 6:31 p.m.15 views

Indico Insecure Access

A Broken Object Level Authorization BOLA vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals...

7.5CVSS6.3AI score0.00603EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder