Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:30 p.m.21 views

CVE-2025-48070

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

4.3CVSS6.1AI score0.00227EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/21 10:11 p.m.9 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS3.7AI score0.00227EPSS
Exploits1References2
OSV
OSV
added 2025/05/21 10:11 p.m.7 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS6.2AI score0.00227EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/05/21 10:11 p.m.17 views

CVE-2025-48070 Plane has insecure permissions in UserSerializer

Plane is open-source project management software. Versions prior to 0.23 have insecure permissions in UserSerializer that allows users to change fields that are meant to be read-only, such as email. This can lead to account takeover when chained with another vulnerability such as cross-site...

3.5CVSS0.00227EPSS
Exploits1References2
Rows per page
Query Builder