Lucene search
K

10 matches found

Vulnrichment
Vulnrichment
added 2026/03/26 4:23 p.m.3 views

CVE-2026-3115 Guest users can view group member IDs without respecting view restrictions

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to apply view restrictions when retrieving group member IDs, which allows authenticated guest users to enumerate user IDs outside their allowed visibility scope via the group retrieval endpoint...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/01/15 3:52 p.m.14 views

CVE-2021-47819

CVE-2021-47819 affects ProjeQtOr Project Management 9.1.4. A file upload vulnerability in the profile attachment feature allows guest users to upload PHP files, enabling arbitrary code execution by accessing the uploaded file with a crafted request parameter. Metrics indicate critical impact on c...

9.8CVSS7.9AI score0.00381EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.5 views

CVE-2019-12942

TTLock devices do not properly block guest access in certain situations where the network connection to the cloud is unavailable...

6.5CVSS7AI score0.00756EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44262

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00489EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-25314

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0064EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 a.m.10 views

CVE-2013-0143

cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string...

6.5CVSS7.7AI score0.06965EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/20 8:16 p.m.34 views

XWiki Platform allows remote code execution as guest via SolrSearchMacros request

Impact Any guest can perform arbitrary remote code execution through a request to SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to...

9.8CVSS9.8AI score0.99898EPSS
Exploits50References8Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.3 views

PT-2024-7078 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.4 through 17.2.8 GitLab EE/CE versions 17.3 through 17.3.4 GitLab EE/CE versions 17.4 through 17.4.1 Description: The issue is related to errors in the representation of given functions in the GitLab platform, allowin...

4.3CVSS7AI score0.00373EPSS
Exploits1References15
CVE
CVE
added 2024/02/07 12:0 a.m.75 views

CVE-2024-24304

The CVE-2024-24304 affects the Mailjet module for PrestaShop prior to version 3.5.1. A guest can download technical information without restriction due to the underlying design in this module, enabling exposure of internal details. The issue is documented across multiple sources (NVD/Red Hat/CVE ...

7.5CVSS7.4AI score0.00528EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/12 8:53 p.m.5 views

CVE-2023-49099 Discourse secure uploads accessible to guests even when login is required

Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4...

3.1CVSS7.2AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder