Lucene search
K

107903 matches found

IBM Security Bulletins
IBM Security Bulletins
added 1 hour ago5 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 13 hours ago10 views

CVE-2026-6851 Improper link resolution before file access in Bitdefender Total Security via Link Following (VA-13681)

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS
Exploits0References1
EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-43632

An Improper link resolution before file access 'link following' vulnerability in the File Shredder module as used in Bitdefender Total Security and Internet Security on Windows allows a less-privileged local user to elevate rights by leveraging a race conditions via Symbolic Links. This issue...

7CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 13 hours ago159 views

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3CVSS6.2AI score0.81875EPSS
Exploits4References4
Nuclei
Nuclei
added 13 hours ago113 views

WordPress WPQA <5.5 - Improper Access Control

WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site. id: CVE-2022-1598 info: name: WordPress WPQA 5.5 - Improper Access Control...

5.3CVSS6.2AI score0.05076EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago52 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.3AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added 13 hours ago27 views

WordPress Easy Student Results <=2.2.8 - Improper Authorization

WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...

7.5CVSS7AI score0.02801EPSS
Exploits2References5
Nuclei
Nuclei
added 13 hours ago42 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16671 info: name:...

5.3CVSS6.5AI score0.08851EPSS
Exploits5References5
Nuclei
Nuclei
added 13 hours ago34 views

CirCarLife <4.3 - Improper Authentication

CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16668 inf...

5.3CVSS6.8AI score0.09512EPSS
Exploits5References5
Nuclei
Nuclei
added 13 hours ago43 views

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS7.1AI score0.78395EPSS
Exploits0References4
Nuclei
Nuclei
added 13 hours ago65 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.1AI score0.0219EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago16 views

Profile Builder < 3.4.9 - Improper Authentication

The Profile Builder plugin before 3.4.9 for WordPress allows unauthenticated attackers to gain administrative access by exploiting an improper authentication vulnerability in the password reset functionality. An attacker can reset the password of any user, including administrators, without proper...

10CVSS7AI score0.07696EPSS
Exploits2References2
Nuclei
Nuclei
added 13 hours ago23 views

ProjectSend <= r1605 - Improper Authorization

An improper authorization check was identified within ProjectSend version r1605 that allows an attacker to perform sensitive actions such as enabling user registration and auto validation, or adding new entries in the whitelist of allowed extensions for uploaded files. Ultimately, this allows to...

9.8CVSS7.4AI score0.91559EPSS
Exploits4References3
Nuclei
Nuclei
added 13 hours ago15 views

vCenter Server - Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...

5.3CVSS6.8AI score0.47642EPSS
Exploits0References3
Nuclei
Nuclei
added 13 hours ago11 views

Zimbra Collaboration Suite < 8.8.15 - Improper Encoding

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1CVSS6.8AI score0.3106EPSS
Exploits2References2
Nuclei
Nuclei
added 13 hours ago162 views

Tenda AC1200 V-W15Ev2 - Authentication Bypass

The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The...

4.9CVSS6.2AI score0.28802EPSS
Exploits1References2
Nuclei
Nuclei
added 13 hours ago76 views

Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control

Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38817 info: name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control author: For3stCo1d...

7.5CVSS7AI score0.02941EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago57 views

Citrix ADC/Gateway - Cross-Site Scripting

Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2020-8191 info: name: Citrix...

6.1CVSS6.6AI score0.22941EPSS
Exploits0References5
Nuclei
Nuclei
added 13 hours ago67 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.2AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added 13 hours ago48 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.2AI score0.02995EPSS
Exploits1References5
Rows per page
Query Builder