
6 matches found

Snyk
added 2026/02/06 11:7 p.m., 2 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the orderscontroller parameter. An attacker can access sensitive personal information of guest users, such as names, addresses, and phone numbers, by supplying a valid order ID for a...

CVSS 8.7, AI score 5.6, EPSS 0.00441
Exploits: 1, References: 2
ATTACKERKB
added 2026/02/06 10:37 p.m., 5 views

CVE-2026-25757

Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2, unauthenticated users can view completed guest orders by Order ID. This issue may lead to disclosure of PII of guest users including names, addresses and phone numbers. This...

CVSS 8.7, AI score 5.3, EPSS 0.00441
Exploits: 1, References: 9, Affected Software: 1
Tenable Nessus
added 2025/08/27 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2020-11740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users without active profiling to obtain sensitive information about other guests...

CVSS 5.5, AI score 7, EPSS 0.00434
Exploits: 0, References: 2
SUSE CVE
added 2024/06/04 1:12 p.m., 4 views

SUSE CVE-2020-12966

AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to...

CVSS 5.5, AI score 4.9, EPSS 0.00313
Exploits: 0, References: 3
OSV
added 2017/10/18 8:29 a.m., 5 views

DEBIAN-CVE-2017-15589

An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to obtain sensitive information from the host OS or an arbitrary guest OS because intercepted I/O operations can cause a write of data from uninitialized hypervisor stack memory...

CVSS 6.5, AI score 6.6, EPSS 0.00407
Exploits: 0, References: 1
OSV
added 2016/04/13 3:59 p.m., 2 views

DEBIAN-CVE-2015-8555

Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors...

CVSS 8.6, AI score 8.1, EPSS 0.02254
Exploits: 0, References: 1