
269 matches found

CVE
added 2025/06/23 8:47 a.m. · 22 views

CVE-2024-3511

CVE-2024-3511 concerns an incorrect authorization flaw affecting multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. The root cause is flawed authorization logic that enables bypass via the management console to retrieve versioned files without proper...

CVSS 4.3 · AI score 4.5 · EPSS 0.00174
Exploits 0 · References 1 · Affected software 6
Positive Technologies
added 2025/06/23 12:00 a.m. · 5 views

PT-2025-26582

Name of the Vulnerable Software and Affected Versions: WSO2 products, affected versions not specified
Description: An incorrect authorization issue exists, allowing unauthorized access to versioned files stored in the registry. This is due to flawed authorization logic, which can be exploited by a...

CVSS 4.3 · AI score 5.8 · EPSS 0.00174
Exploits 0 · References 5
RedhatCVE
added 2025/05/23 12:32 a.m. · 7 views

CVE-2022-4888

The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2,...

CVSS 6.5 · AI score 6.8 · EPSS 0.00269
Exploits 2 · References 1
Veracode
added 2025/03/04 2:29 a.m. · 10 views

Authentication Bypass

github.com/navidrome/navidrome is vulnerable to Authentication Bypass. The vulnerability is due to flawed authentication logic, which allows an attacker to authenticate using any non-existent username and a salted hash of an empty password...

CVSS 6.9 · AI score 6.8 · EPSS 0.00936
Exploits 1 · References 4 · Affected software 1
Tenable Nessus
added 2025/03/04 12:00 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2019-14809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is relat...

CVSS 9.8 · AI score 7.8 · EPSS 0.08359
Exploits 1 · References 3
Cvelist
added 2025/02/11 6:28 p.m. · 19 views

CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`

Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...

CVSS 6.3 · EPSS 0.00288
Exploits 1 · References 2
RedhatCVE
added 2025/02/06 4:28 a.m. · 6 views

CVE-2021-31434

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.931. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 6.8 · EPSS 0.02761
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 1:30 a.m. · 4 views

CVE-2024-11721

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated...

CVSS 8.1 · AI score 6.3 · EPSS 0.00529
Exploits 0 · References 1
Positive Technologies
added 2025/01/23 12:00 a.m. · 5 views

PT-2025-3155 · Xerox · Xerox Workplace Suite

Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite versions prior to 5.6.701.9
Description: A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading t...

CVSS 7.6 · AI score 9.3 · EPSS 0.00259
Exploits 0 · References 10
CNNVD
added 2025/01/09 12:00 a.m. · 3 views

Infoblox BloxOne Security Vulnerability

Infoblox BloxOne is a lightweight mobile agent from Infoblox (USA) that redirects DNS traffic from remote devices to the BloxOne Threat Defense Cloud. A security vulnerability exists in Infoblox BloxOne version v2.4 that stems from flawed business logic...

CVSS 9.1 · AI score 6.8 · EPSS 0.00283
Exploits 0 · References 1
Cvelist
added 2024/12/24 3:31 a.m. · 18 views

CVE-2024-12582 Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the...

CVSS 7.1 · EPSS 0.00484
Exploits 0 · References 4
IBM Security Bulletins
added 2024/11/12 10:20 a.m. · 35 views

Security Bulletin: Due to use of cURL libcurl, IBM Event Streams is vulnerable to bypass of security restrictions.

Summary: cURL libcurl is used in IBM Event Streams (CVE-2023-28322).
Vulnerability Details: CVEID: CVE-2023-28322. DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw in the logic for a reused handle when it is expected to be changed from a PUT to a...

CVSS 5.3 · AI score 6.7 · EPSS 0.02211
Exploits 1 · Affected software 1
CNNVD
added 2024/11/04 12:00 a.m. · 2 views

MediaTek Chipsets Security Vulnerability

MediaTek Chipsets are a range of chips from the Chinese company MediaTek. A security vulnerability exists in MediaTek Chipsets that stems from an improperly designed architecture in which out-of-bounds reads may occur. An attacker exploiting the vulnerability could gain access to...

CVSS 4.4 · AI score 6.7 · EPSS 0.00078
Exploits 0 · References 1
NVD
added 2024/10/07 8:15 p.m. · 24 views

CVE-2024-45293

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The security scanner responsible for preventing XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white-spaces. On servers that allow users to upload their own Excel XLS...

CVSS 7.5 · EPSS 0.02859
Exploits 1 · References 1
CNNVD
added 2024/10/03 12:00 a.m. · 5 views

Optigo ONS-S8 Security Vulnerability

The Optigo ONS-S8 is an intelligent industrial switch from Optigo. A security vulnerability exists in Optigo ONS-S8 1.3.7 and earlier versions, which stems from the web server's incomplete authentication process; this could allow an attacker to complete authentication without a password...

CVSS 9.3 · AI score 6.9 · EPSS 0.0052
Exploits 0 · References 2
Tenable Nessus
added 2024/09/24 12:00 a.m. · 16 views

GLSA-202409-22 : GCC: Flawed Code Generation

The remote host is affected by the vulnerability described in GLSA-202409-22 GCC: Flawed Code Generation A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from the Gentoo Linux...

CVSS 7.5 · AI score 6.9 · EPSS 0.03207
Exploits 0 · References 3
Gentoo Linux
added 2024/09/24 12:00 a.m. · 21 views

GCC: Flawed Code Generation

Background: The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Ada, Go, D and Modula-2 as well as libraries for these languages (libstdc++, ...).
Description: A vulnerability has been discovered in GCC. Please review the CVE identifier referenced below for details.
Impac...

CVSS 7.5 · AI score 6.8 · EPSS 0.03207
Exploits 0
CNNVD
added 2024/08/22 12:00 a.m. · 3 views

Kashipara Hotel Management System Security Vulnerability

Kashipara Hotel Management System is a hotel management system from Kashipara. A security vulnerability exists in Kashipara Hotel Management System version v1.0, which originates from flawed access control in the file /admin/editroomcontroller.php that allows an unauthenticated...

CVSS 9.1 · AI score 6.8 · EPSS 0.00488
Exploits 1 · References 3
NVD
added 2024/07/31 6:15 a.m. · 25 views

CVE-2024-6695

It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow in the user registration process...

CVSS 9.8 · EPSS 0.00796
Exploits 1 · References 1
Wallarm Lab
added 2024/07/24 2:03 p.m. · 21 views

How Can Deliberately Flawed APIs Help In Mastering API Security?

In our recent webinar titled 'A CISO's Checklist for Securing APIs and Applications', we delved into the concept of creating an API security playground tailored for both developer and security teams. The core idea revolves around utilizing intentionally vulnerable APIs as training...

AI score 8.1
Exploits 0