Lucene search
+L

389 matches found

cvelist
cvelist
added 2025/03/20 10:10 a.m.15 views

CVE-2024-6841 CSRF in vanna-ai/vanna

A Cross-Site Request Forgery CSRF vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...

6.5CVSS0.00232EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-6841 CSRF in vanna-ai/vanna

A Cross-Site Request Forgery CSRF vulnerability exists in the latest commit 56b782bcefd2e59b19cd7ba7878b95f54884f502 of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF...

6.5CVSS6.9AI score0.00232EPSS
Exploits0References1
cve
cve
added 2025/03/20 10:10 a.m.39 views

CVE-2024-6841

The CVE-2024-6841 CSRF vulnerability affects the vanna-ai/vanna repository’s built‑in web app with two GET endpoints that execute SQL. Root cause: requests can trigger arbitrary SQL commands via CSRF without requiring authentication, enabling data alteration or deletion (read access not possible)...

6.5CVSS7.9AI score0.00232EPSS
Exploits0References1
osv
osv
added 2025/01/21 9:15 p.m.7 views

CVE-2025-21517

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are Prior to 9.2.9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseO...

4.3CVSS7.3AI score0.0039EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/09/24 12:0 a.m.3 views

Stormshield Network Security 安全漏洞

Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security that stems from an attacker's ability to alter data by bypassing access restrictions through...

6.7AI score
Exploits0References1
osv
osv
added 2024/07/10 7:18 p.m.23 views

CVE-2024-37148 GLPI allows account takeover via SQL Injection in AJAX scripts

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in some AJAX scripts to alter another user account data and take control of it. Upgrad...

8.1CVSS8.1AI score0.20229EPSS
Exploits0References3
cnvd
cnvd
added 2024/07/09 12:0 a.m.20 views

MediaWiki suffers from an unspecified vulnerability (CNVD-2024-31365)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the presence of cross-site request forgery CSRF,...

4.3CVSS6.8AI score0.002EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/07/07 12:0 a.m.4 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki has a security vulnerability that stems from the presence of cross-site request forgery CSRF,...

4.3CVSS6.8AI score0.002EPSS
Exploits0References2
jvn
jvn
added 2024/06/18 12:0 a.m.27 views

JVN#00442488: Multiple vulnerabilities in Ricoh Streamline NX PC Client

Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Improper restriction of communication channel to intended endpoints CWE-923 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score 6.3 CVE-2024-36252 ricoh-2024-000004 Use of hard-coded...

9.8CVSS7.3AI score0.00507EPSS
Exploits0
cve
cve
added 2024/06/11 4:27 a.m.74 views

CVE-2024-31403

Cybozu Garoon 5.0.0–6.0.0 contains an incorrect authorization vulnerability that allows a remote authenticated attacker to alter and/or obtain Memo data due to improper restriction of memo access. Public sources (NVD, Red Hat, JVN, CNNVD, CNVD, CVE listings) confirm the impact and note the soluti...

5.4CVSS6.6AI score0.00288EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2024/06/11 4:27 a.m.22 views

CVE-2024-31403

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo...

6.6AI score0.00288EPSS
Exploits0References2
cvelist
cvelist
added 2024/06/11 4:27 a.m.28 views

CVE-2024-31403

Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo...

0.00288EPSS
Exploits0References2
wpvulndb
wpvulndb
added 2024/05/29 12:0 a.m.18 views

BookingPress < 1.0.83 - Missing Authorization to Appointment Time Alteration

Description The BookingPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on a function in versions up to, and including, 1.0.82. This makes it possible for unauthenticated attackers to alter the duration of appointments...

6.5CVSS9.2AI score0.00368EPSS
Exploits0References1Affected Software1
jvn
jvn
added 2024/05/13 12:0 a.m.60 views

JVN#28869536: Multiple vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail CWE-231 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API CWE-201...

9CVSS5.5AI score0.00504EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2024/04/30 12:0 a.m.9 views

The vulnerability of the Forminator plugin of the WordPress content management system allows a hacker to alter arbitrary data and trigger a service failure.

The vulnerability of the Forminator plugin of the WordPress content management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to alter arbitrary data and cause service failures...

9CVSS8AI score0.30361EPSS
Exploits0References5Affected Software1
github
github
added 2024/04/12 5:25 p.m.35 views

Mautic SQL Injection in dynamic Reports

Impact Prior to the patched version, logged in users of Mautic are vulnerable to an SQL injection vulnerability in the Reports bundle. The user could retrieve and alter data like sensitive data, login, and depending on database permission the attacker can manipulate file systems. Patches Update t...

7.2CVSS7.9AI score0.00593EPSS
Exploits0References5Affected Software1
bdu_fstec
bdu_fstec
added 2024/04/01 12:0 a.m.7 views

The vulnerability of the CRI-O Container Engine’s application programming interface allows a attacker to disclose confidential information or alter arbitrary data.

The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to improper access control. Exploiting this vulnerability can allow an attacker to disclose confidential information or alte...

7.1CVSS6.3AI score0.0037EPSS
Exploits1References4Affected Software2
osv
osv
added 2024/03/18 9:15 a.m.5 views

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...

5.8CVSS5.8AI score0.00726EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/03/18 8:13 a.m.10 views

CVE-2024-28039

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service DoS condition...

6.9AI score0.00726EPSS
Exploits0References4
osv
osv
added 2024/03/06 10:52 a.m.31 views

BIT-DRUPAL-2022-25278

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules...

6.5CVSS6.4AI score0.0059EPSS
Exploits0References2
Rows per page
Query Builder