
13 matches found

RedhatCVE
added 2026/05/29 8:13 p.m. · 15 views

CVE-2026-20182

May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show...

CVSS 10 · AI score 6.1 · EPSS 0.87693
Exploits 4 · References 1
Tenable Nessus
added 2025/08/07 12:0 a.m. · 6 views

Azure Linux 3.0 Security Update: polkit (CVE-2025-7519)

The version of polkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-7519 advisory. - A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an...

CVSS 6.7 · AI score 6.3 · EPSS 0.00184
Exploits 0 · References 2
Tenable Nessus
added 2025/08/07 12:0 a.m. · 5 views

CBL Mariner 2.0 Security Update: polkit (CVE-2025-7519)

The version of polkit installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-7519 advisory. - A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an...

CVSS 6.7 · AI score 6.3 · EPSS 0.00184
Exploits 0 · References 2
Cvelist
added 2025/07/14 1:35 p.m. · 19 views

CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write

A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This issue can lead to a crash or other unexpected behavior, and arbitrary code execution is not discarded. To exploit this flaw, a high-privilege account i...

CVSS 6.7 · EPSS 0.00184
Exploits 0 · References 4
Positive Technologies
added 2025/07/14 12:0 a.m. · 2 views

PT-2025-29465

Name of the Vulnerable Software and Affected Versions: polkit affected versions not specified Description: A flaw exists in polkit where processing an XML policy with 32 or more nested elements in depth can trigger an out-of-bounds write. This can lead to a crash or unexpected behavior, with the...

CVSS 6.7 · AI score 6.8 · EPSS 0.00184
Exploits 0 · References 54
CVE
added 2025/01/16 7:30 p.m. · 75 views

CVE-2024-55954

OpenObserve CVE-2024-55954 affects the DELETE /api/{org_id}/users/{email_id} endpoint, where insufficient role checks in remove_user_from_org allow an Admin to remove a Root user. The root cause is improper authorization within the user management endpoint, enabling a non-root to delete a highest...

CVSS 8.7 · AI score 8.4 · EPSS 0.00487
Exploits 0 · References 2
Positive Technologies
added 2024/11/06 12:0 a.m. · 4 views

PT-2024-8001 · Glpi +1

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.1.0 through 10.0.16 Description: The issue is related to incorrect access control in the GLPI system, which can allow a remote attacker to exploit the vulnerability and potentially disclose confidential information. A technici...

CVSS 10 · AI score 7.4 · EPSS 0.86182
Exploits 9 · References 78
NVD
added 2021/12/22 7:15 p.m. · 15 views

CVE-2021-21918

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘namefilter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery...

CVSS 7.7 · EPSS 0.01134
Exploits 1 · References 1
Cvelist
added 2021/12/22 6:6 p.m. · 18 views

CVE-2021-21919

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack...

CVSS 7.7 · AI score 5.7 · EPSS 0.01134
Exploits 1 · References 1
WPVulnDB
added 2021/04/11 12:0 a.m. · 15 views

Business Directory Plugin < 5.11.1 - Arbitrary Add/Edit/Delete Form Field to Stored XSS

The plugin suffered from Cross-Site Request Forgery issues, allowing an attacker to make a logged in administrator add, edit or delete form fields, which could also lead to Stored Cross-Site Scripting issues. Note WPScanTeam: The CSRF has been fixed and proper capability checks have also been adde...

CVSS 6.8 · AI score 1 · EPSS 0.00672
Exploits 2 · Affected Software 1
OSV
added 2021/01/26 6:15 p.m. · 2 views

CVE-2020-28999

An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 devices. A remote attacker can take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into a shared library...

CVSS 7.2 · AI score 5.8 · EPSS 0.01713
Exploits 0 · References 2
CVE
added 2020/04/20 10:41 p.m. · 64 views

CVE-2020-9279

CVE-2020-9279 affects D-Link DSL-2640B B2 EU_4.01B devices. A hard-coded management-interface account allows login with high privileges, enabling the attacker to perform critical tasks and take full control of the device. The issue is exploitable remotely over the management interface (network ac...

CVSS 10 · AI score 9.4 · EPSS 0.02187
Exploits 1 · References 3 · Affected Software 1
myhack58
added 2010/05/04 12:0 a.m. · 27 views

The multi-mode Server-bug warning-the black bar safety net

Find the configuration file, read the web site directory under the config.asp config.php conn.asp inc directory find a high-privilege account and password For example: the root password SA password. // CH the following variables, according to the space provided of the account parameters to...

AI score 0.3
Exploits 0