Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-25766

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2025/06/20 3:30 p.m.4 views

GHSA-4578-6GJH-F2JM Mattermost allows an unauthorized Guest user access to Playbook

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run...

4.3CVSS7.1AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/20 2:31 p.m.11 views

CVE-2025-3228 Unauthorized Guest user access to Playbook

Mattermost versions 10.5.x = 10.5.5, 9.11.x = 9.11.15, 10.8.x = 10.8.0, 10.7.x = 10.7.2, 10.6.x = 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run...

4.3CVSS0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.11 views

CVE-2024-48245

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...

7.2CVSS7.5AI score0.00998EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.9 views

CVE-2023-6202

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information e.g. name, surname, nickname via Mattermost Boards...

4.3CVSS4.4AI score0.00443EPSS
Exploits0References1
NVD
NVD
added 2025/01/07 4:15 p.m.10 views

CVE-2024-48245

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which...

7.2CVSS0.00998EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/12/16 12:0 a.m.1 views

CVE-2022-20522

In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID:...

7.7AI score0.00156EPSS
Exploits0References1
OSV
OSV
added 2022/12/01 12:0 a.m.6 views

PUB-A-227470877

In getSlice of ProviderModelSlice.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00156EPSS
Exploits0References2
Rows per page
Query Builder