Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2001-1348

Malware in sbrugna...

10CVSS6.4AI score0.00933EPSS
Exploits0References4
NVD
NVDadded 2025/09/23 10:15 a.m.2 views

CVE-2025-7106

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...

5.3CVSS0.00036EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/09/23 12:0 a.m.3 views

PT-2025-39160

Name of the Vulnerable Software and Affected Versions librechat versions prior to the fix Description An authorization bypass exists due to incorrect access control checks. The checkAccess function within api/server/middleware/roles/access.js utilizes permissions.some for permission validation,...

5.3CVSS5.4AI score0.00036EPSS
Exploits0References7
CNNVD
CNNVDadded 2025/09/23 12:0 a.m.2 views

LibreChat 访问控制错误漏洞

LibreChat is an enhanced ChatGPT clone by Danny Avila Personal Developer. LibreChat suffers from an Access Control Error vulnerability that stems from the checkAccess function in api/server/middleware/roles/access.js that uses permissions.some for permission validation, resulting in improper acce...

5.3CVSS5.5AI score0.00036EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/06/27 6:46 p.m.17 views

CVE-2024-6086 Improper Access Control in lunary-ai/lunary

In version 1.2.7 of lunary-ai/lunary, any authenticated user, regardless of their role, can change the name of an organization due to improper access control. The function checkAccess is not implemented, allowing users with the lowest privileges, such as the 'Prompt Editor' role, to modify...

5.3CVSS0.00106EPSS
Exploits1References2
CVE
CVEadded 2019/09/05 9:34 p.m.138 views

CVE-2019-2175

CVE-2019-2175 affects Android 9; in SliceManagerService.java, checkAccess has an incorrect argument order that can bypass permissions and enable local privilege escalation with user interaction required. Affected component is the Android Framework (SliceManagerService) on Android 9. The issue is ...

7.8CVSS7.7AI score0.00013EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2004/09/01 4:0 a.m.38 views

CVE-2001-1367

The CVE-2001-1367 entry concerns PHPSlice, specifically the checkAccess function. Affected versions 0.1.1 through 0.1.6 (including 0.1.4) do not properly verify administrative access level, enabling remote attackers to gain privileges. Documented impact is privilege escalation. A temporary mitiga...

10CVSS7.3AI score0.00933EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2001/07/19 12:0 a.m.1 views

PT-2001-2489 · Phpslice · Phpslice

Name of the Vulnerable Software and Affected Versions: PHPSlice versions 0.1.1 through 0.1.6 Description: The issue concerns the checkAccess function, which does not properly verify the administrative access level. This could allow remote attackers to gain privileges. Recommendations: For PHPSlic...

10CVSS7AI score0.00933EPSS
Exploits0References4
Rows per page
Query Builder