Lucene search
K

541 matches found

WPVulnDB
WPVulnDB
added 2025/10/01 12:0 a.m.13 views

WP < 6.8.3 - Contributor+ Sensitive Data Disclosure

Description WordPress is affected by a data exposure issue which could allow contributor and above roles to access some restricted content...

4.3CVSS6.6AI score0.0025EPSS
Exploits0References2
NVD
NVD
added 2025/09/29 3:16 p.m.6 views

CVE-2025-55795

The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...

3.5CVSS0.00281EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/09/27 9:42 a.m.8 views

CVE-2025-10871

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

7.2CVSS6.8AI score0.00352EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/26 3:55 p.m.4 views

CVE-2025-40837

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended...

8.8CVSS6.8AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2025/09/26 9:15 a.m.3 views

CVE-2025-10871

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

7.2CVSS0.00352EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/26 9:4 a.m.1 views

CVE-2025-10871 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

3.8CVSS6.5AI score0.00352EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/26 9:4 a.m.6 views

CVE-2025-10871 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

3.8CVSS0.00352EPSS
Exploits0References1
OSV
OSV
added 2025/09/26 9:4 a.m.5 views

CVE-2025-10871 Missing Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maintainers can exploit a vulnerability where they can assign custom roles to users with permissions exceeding their own, effectively granting themselves...

3.8CVSS6.5AI score0.00352EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/09/26 9:4 a.m.4 views

CVE-2025-10871

Removed by vendor...

7.2CVSS5.8AI score0.00352EPSS
Exploits0
CNNVD
CNNVD
added 2025/09/26 12:0 a.m.3 views

GitLab Enterprise Edition 安全漏洞

GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition versions 16.6 through 18.2.7 prior, 18.3 through 18.3.3 prior, and 18.4 through 18.4.1 prior, which stems from the ability of a project...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References3
OSV
OSV
added 2025/09/25 3:16 p.m.2 views

CVE-2025-40837

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended...

8.8CVSS5.8AI score0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/25 2:52 p.m.4 views

CVE-2025-40837 Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended...

8.7CVSS6.3AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/25 2:52 p.m.8 views

CVE-2025-40837 Ericsson Indoor Connect 8855 - Missing Authorization Vulnerability

Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended...

8.7CVSS0.00276EPSS
Exploits0References1
CNVD
CNVD
added 2025/09/08 12:0 a.m.8 views

Google Android elevation of privilege vulnerability (CNVD-2025-23035)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...

3.2CVSS7.4AI score0.00101EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 5:10 p.m.1 views

MAL-2025-44192 Malicious code in exchange-liquid-higher (npm)

The package exchange-liquid-higher was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.2 views

Malicious code in exchange-liquid-higher (npm)

The package exchange-liquid-higher was found to contain malicious code...

7AI score
Exploits0
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.5 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...

7.8CVSS7.2AI score0.00089EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/28 12:0 a.m.2 views

Google Android elevation of privilege vulnerability (CNVD-2025-19993)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...

8CVSS7.4AI score0.00186EPSS
Exploits0References1
Snyk
Snyk
added 2025/08/26 5:20 p.m.5 views

Use of Externally-Controlled Format String

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS7.7AI score0.04065EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/26 12:0 a.m.4 views

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher privileges on the system...

8CVSS7.2AI score0.00186EPSS
Exploits0References4
Rows per page
Query Builder