21 matches found

NVD
added 2026/01/22 5:15 p.m. | 6 views

CVE-2025-47555

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through = 3.9.4...

CVSS 3.8 | EPSS 0.00295
Exploits: 0 | References: 1

CNNVD
added 2024/11/18 12:00 a.m. | 10 views

Quick Heal Antivirus Pro Security Vulnerability

Quick Heal Antivirus Pro is an antivirus software from Quick Heal India. A security vulnerability exists in Quick Heal Antivirus Pro version 24.1.0.182 and prior versions, which stems from the presence of faulty access control that allows an authenticated attacker with low-level privileges to...

CVSS 6.5 | AI score 6.6 | EPSS 0.00304
Exploits: 0 | References: 2

CNNVD
added 2024/11/08 12:00 a.m. | 2 views

Northern.tech Mender Security Vulnerability

Northern.tech Mender is a secure and reliable remote update solution from Northern.tech, Inc. It is suitable for connected devices of any size. A security vulnerability exists in Northern.tech Mender versions prior to 3.6.5 and 3.7.x prior to 3.7.5 that stems from the presence of faulty access...

CVSS 5.3 | AI score 6.8 | EPSS 0.00255
Exploits: 0 | References: 1

CNNVD
added 2024/10/03 12:00 a.m. | 1 view

Bandisoft BandiView Security Vulnerability

Bandisoft BandiView is an image viewer and editor software from the Korean company Bandisoft. A security vulnerability exists in Bandisoft BandiView version 7.05, which stems from the presence of faulty access control via sub0x232bd8, resulting in a denial of service (DoS)...

CVSS 6.3 | AI score 6.7 | EPSS 0.00425
Exploits: 1 | References: 2

CNNVD
added 2024/09/16 12:00 a.m. | 4 views

Kashipara Music Management System Security Vulnerability

Kashipara Music Management System is a music management system from Kashipara. A security vulnerability exists in Kashipara Music Management System version v1.0, which stems from faulty access control in /music/ajax.php?action=deletegenre, which could allow an unauthenticated attacker to delete...

CVSS 5.9 | AI score 6.8 | EPSS 0.00231
Exploits: 1 | References: 3

CNNVD
added 2024/07/09 12:00 a.m. | 5 views

BookStack Security Breach

BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A security vulnerability exists in BookStack versions prior to v24.05.1 that stems from the presence of faulty access controls that allow an attacker to identify existing system...

CVSS 7.5 | AI score 6.9 | EPSS 0.00646
Exploits: 0 | References: 4

CNNVD
added 2024/06/20 12:00 a.m. | 7 views

Northern.tech Mender security breach

Northern.tech Mender is a secure and reliable remote update solution from Northern.tech, Inc. for connected devices of any size. A security vulnerability exists in Northern.tech Mender that stems from the presence of faulty access control, resulting in an attacker privilege that can be escalated...

CVSS 8.8 | AI score 6.8 | EPSS 0.00384
Exploits: 0 | References: 3

BDU FSTEC
added 2024/06/07 12:00 a.m. | 4 views

The vulnerability of the kruise-daemon component in the Kubernetes Kruise automation application allows a malicious individual to gain unauthorized access to protected information and increase their privileges.

The vulnerability of the kruise-daemon component in the Kubernetes application automation tool involves deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information and increase their privileges...

CVSS 8.5 | AI score 6.5 | EPSS 0.00489
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2024/03/07 12:00 a.m. | 4 views

Lustre Security Vulnerabilities

Lustre is a Lustre community effort to provide a globally consistent POSIX-compatible distributed parallel file system for large-scale computing systems. A security vulnerability exists in Lustre versions 2.13.x through prior to 2.15.4, which stems from a vulnerability that could allow an attacke...

CVSS 9.1 | AI score 6.5 | EPSS 0.00504
Exploits: 0 | References: 3

OSV
added 2023/12/06 3:15 p.m. | 2 views

CVE-2023-48859

TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, allows attackers to bypass front-end security restrictions and execute arbitrary code...

CVSS 8.8 | AI score 6 | EPSS 0.01201
Exploits: 1 | References: 1

CNNVD
added 2022/09/26 12:00 a.m. | 3 views

ieGeek IG20 Security Feature Issue Vulnerability

The ieGeek IG20 is a webcam from ieGeek. A security vulnerability exists in the ieGeek IG20 hipcam RealServer version V1.0, which stems from a predictability flaw in the algorithm that generates the device id uid as a result of its faulty access control, allowing a remote attacker to directly...

CVSS 6.5 | AI score 6.7 | EPSS 0.01008
Exploits: 1 | References: 2

CNNVD
added 2022/06/24 12:00 a.m. | 3 views

IBM Cognos Analytics Security Vulnerability

IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation in the United States. IBM Cognos Analytics versions 11.2.1, 11.2.0 and 11.1.7 contain an information disclosure vulnerability that stems from faulty access controls that could be exploited by a low-level attack...

CVSS 6.5 | AI score 5.6 | EPSS 0.00909
Exploits: 0 | References: 4

CNNVD
added 2022/05/12 12:00 a.m. | 5 views

Sysaid Technologies SysAid Security Vulnerability

Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. Sysaid Technologies Sysaid suffers from a security vulnerability that stems from faulty access control. An attacker can exploit the vulnerability to receive sensitive data such as server...

CVSS 9 | AI score 8 | EPSS 0.00556
Exploits: 0 | References: 2

CNNVD
added 2021/09/08 12:00 a.m. | 4 views

Autumn Security Vulnerability

Autumn is a collection of Web subsystems designed to provide general purpose Web system solutions. A security vulnerability exists in Autumn v1.0.4 and earlier versions that stems from incorrect access control. The vulnerability allows remote attackers to obtain plaintext login credentials via th...

CVSS 7.5 | AI score 7.3 | EPSS 0.00942
Exploits: 1 | References: 2

CNNVD
added 2021/04/09 12:00 a.m. | 4 views

Samsung SMR Security Vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A path traversal vulnerability exists in versions prior to SMR APR-2021 Release 1, which stems from faulty access control and can be exploited by an attacker to read or write...

CVSS 8.8 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 3

CNVD
added 2020/08/17 12:00 a.m. | 2 views

Intel PAC with Arria 10 GX FPGA Elevation of Privilege Vulnerability

Intel PAC with Arria 10 GX FPGA and Intel Acceleration Stack are both products of Intel Corporation, U.S.A. Intel PAC with Arria 10 GX FPGA is a programmable acceleration card that uses Intel Arria 10 GX FPGAs (Field Programmable Gate Arrays). Intel Acceleration Stack is an acceleration stack that...

CVSS 6.7 | AI score 6.6 | EPSS 0.00322
Exploits: 0 | References: 1

CNVD
added 2020/06/04 12:00 a.m. | 2 views

Grafana Code Issues Vulnerabilities

Grafana is a set of open source monitoring tools from Grafana Labs that provide a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A remote code execution vulnerability exists in the avatar feature in Grafana versions...

CVSS 8.2 | AI score 8 | EPSS 0.99856
Exploits: 5 | References: 1

CNVD
added 2020/03/19 12:00 a.m. | 3 views

ONAP Service Design and Creation Code Injection Vulnerability (CNVD-2020-24673)

ONAP Service Design and Creation (SDC) is a set of visual modeling and design tools for the ONAP project. A code injection vulnerability exists in ONAP SDC Dublin and prior versions that stems from faulty access control. A remote attacker can exploit this vulnerability by accessing port 7001 of the...

CVSS 9.8 | AI score 8.2 | EPSS 0.02065
Exploits: 1

CNVD
added 2020/03/19 12:00 a.m. | 3 views

ONAP Service Design and Creation Code Injection Vulnerability

ONAP Service Design and Creation (SDC) is a set of visual modeling and design tools for the ONAP project. A code injection vulnerability exists in ONAP SDC Dublin and prior versions that stems from faulty access control. A remote attacker can exploit this vulnerability by accessing port 7000 of the...

CVSS 9.8 | AI score 8.2 | EPSS 0.02065
Exploits: 1

OSV
added 2018/02/08 11:29 p.m. | 1 view

DEBIAN-CVE-2017-15914

Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3...

CVSS 8.8 | AI score 8.6 | EPSS 0.01938
Exploits: 0 | References: 1