Lucene search
+L

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.15 views

EUVD-2020-24572

Malware in sbrugna...

8.1CVSS6.4AI score0.00772EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-31828

Malicious code in bioql PyPI...

9.8CVSS7.6AI score0.0075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.12 views

CVE-2023-0814

The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the usermeta shortcode in versions up to, and including 3.9.0. This is due to insufficient restriction on sensitive user meta values that can be called via that...

6.5CVSS5.7AI score0.00769EPSS
Exploits2References1
NVD
NVD
added 2024/04/16 12:15 a.m.9 views

CVE-2024-0404

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS9.1AI score0.00783EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.16 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS6.8AI score0.00783EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/16 12:0 a.m.15 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS9.3AI score0.00783EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:0 a.m.21 views

CVE-2024-0404 Mass Assignment Vulnerability in mintplex-labs/anything-llm

A mass assignment vulnerability exists in the /api/invite/:code endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker...

9.1CVSS7.2AI score0.00783EPSS
Exploits1References4
CVE
CVE
added 2024/04/16 12:0 a.m.110 views

CVE-2024-0404

CVE-2024-0404 describes a mass-assignment vulnerability in the mintplex-labs/anything-llm repository, specifically the "/api/invite/:code" endpoint. The issue allows an attacker to inject a privileged role (admin) during account creation via an invitation link by exploiting missing property allow...

9.1CVSS6.7AI score0.00783EPSS
Exploits1References2Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2022/08/19 12:0 a.m.9 views

VulnCheck KEV: CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users like author in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been...

8CVSS6.9AI score0.63712EPSS
Exploits0References1
NVD
NVD
added 2022/03/30 8:15 p.m.19 views

CVE-2021-45031

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...

9.8CVSS0.0075EPSS
Exploits0References2
Prion
Prion
added 2022/03/30 8:15 p.m.13 views

Design/Logic Flaw

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...

7.5CVSS7.2AI score0.0075EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/30 7:55 p.m.88 views

CVE-2021-45031

CVE-2021-45031 affects MEPSAN’s USC+ prior to version 3.0. The vulnerability is a weakness in the login function that lets attackers generate passwords for high-privilege accounts, enabling potential unauthorized access and elevation of privileges. Reports consistently identify versions before 3....

9.8CVSS7.3AI score0.0075EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/30 7:55 p.m.26 views

CVE-2021-45031 Weak Authentication in Login Function of USC+

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords...

7.7CVSS7.5AI score0.0075EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/10/16 4:0 a.m.30 views

CVE-2017-15374

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

6.3AI score0.04812EPSS
Exploits7References2
Rows per page
Query Builder