Lucene search
K

59 matches found

CVE
CVE
added 2025/07/29 4:53 p.m.14 views

CVE-2025-31965

CVE-2025-31965 concerns HCL BigFix Remote Control Server WebUI, affected on version 10.1.0.0248 and earlier. The root issue is improper access restrictions that allow non-admin users to view unauthorized information on certain pages (authorization bypass). The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R...

8.2CVSS6.3AI score0.00191EPSS
Exploits0References1
Redos
Redos
added 2025/04/02 12:0 a.m.16 views

ROS-20250402-04

Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow An attacker acting remotely could gain access to confidential information A...

7.5CVSS6.7AI score0.00598EPSS
Exploits0
Redos
Redos
added 2024/11/14 12:0 a.m.18 views

ROS-20241114-02

The vulnerability of the micrel component of the Linux operating system kernel is related to the NULL pointer dereferencing in lan8814txtstamp, lan8814getsigrx, lan8814matchrxts, lan8814ptpciadjfine functions, lan8814getsigtx, lan8814dequeuetxskb, and lan8814matchskb in drivers/net/phy/micrel.c...

7.8CVSS7AI score0.00632EPSS
Exploits0
Veracode
Veracode
added 2024/09/20 10:52 a.m.18 views

Local File Inclusion (LFI)

vite is vulnerable to arbitrary file exposure. The vulnerability is due to improper enforcement of file access restrictions in the @fs mechanism, allowing attackers to bypass the allow list by adding ?import to the URL and retrieving the contents of arbitrary files...

4.8CVSS5.1AI score0.0103EPSS
Exploits0References6Affected Software1
CNVD
CNVD
added 2022/07/28 12:0 a.m.16 views

IBM Robotic Process Automation Access Control Error Vulnerability

IBM Robotic Process Automation is a robotic process automation product from IBM USA. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An Access Control Error vulnerability exists in IBM Robotic Process Automation version 21.0.0, 21.0.1, and...

4.6CVSS4.5AI score0.00315EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.30 views

Apache Superset Access Control Error Vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from an Access Control Error vulnerability that stems from improper access restrictions. A remote attacker could exploit the vulnerability to bypass implemented security...

4.3CVSS4.3AI score0.0126EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/23 12:0 a.m.20 views

Moodle Access Control Error Vulnerability (CNVD-2022-54955)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. an access control error vulnerability exists in Moodle, which stems from improper access restrictions. A remote attacker could use the...

4.3CVSS3.8AI score0.0052EPSS
Exploits0References1
CNVD
CNVD
added 2022/03/03 12:0 a.m.29 views

Fortinet fortimanager access control error vulnerability (CNVD-2022-18532)

Fortinet FortiGate is a network security platform from Fortinet, Inc. The platform provides firewall, anti-virus and intrusion prevention IPS, application control, anti-spam, wireless controller, and WAN acceleration.Fortinet fortimanager has an access control error vulnerability that is caused b...

5.5CVSS2AI score0.0021EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.18 views

F5 BIG-IQ Access Control Error Vulnerability (CNVD-2022-26842)

F5 BIG-IQ is a software-based cloud management solution from F5 USA. The solution supports the deployment of application delivery and web services across public and private clouds, traditional data centers, and hybrid environments.An access control error vulnerability exists in the F5 BIG-IQ...

9CVSS2.7AI score0.01112EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.7 views

Magento Commerce 和 Magento Open Source 访问控制错误漏洞

Magento Open Source is to provide basic e-commerce functionality that allows you to build unique online stores from scratch.Magento Commerce is to provide a best-in-class shopping experience without the need for developer support.Magento Open Source is to provide basic e-commerce functionality th...

7.2CVSS7.7AI score0.0205EPSS
Exploits0References5
CNVD
CNVD
added 2021/06/07 12:0 a.m.15 views

Nextcloud Access Control Error Vulnerability (CNVD-2021-102889)

An access control error vulnerability exists in Nextcloud End-to-End Encryption, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from improper access restrictions. The vulnerability allows remote attackers to gain...

6.5CVSS4.9AI score0.00722EPSS
Exploits1References1
exploitpack
exploitpack
added 2019/05/22 12:0 a.m.64 views

Zoho ManageEngine ServiceDesk Plus 10.5 - Improper Access Restrictions

Zoho ManageEngine ServiceDesk Plus 10.5 - Improper Access Restrictions Exploit Title: Zoho ManageEngine ServiceDesk Plus 10.5 Incorrect Access Control Date: 2019-05-21 Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho...

4CVSS1.1AI score0.08359EPSS
Exploits4
exploitpack
exploitpack
added 2018/10/10 12:0 a.m.64 views

Ektron CMS 9.20 SP2 - Improper Access Restrictions

Ektron CMS 9.20 SP2 - Improper Access Restrictions Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...

7.5CVSS1AI score0.22379EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/10/10 12:0 a.m.45 views

Ektron CMS 9.20 SP2 Improper Access Restrictions

Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...

1AI score0.22379EPSS
Exploits5
0day.today
0day.today
added 2018/10/10 12:0 a.m.58 views

Ektron CMS 9.20 SP2 - Improper Access Restrictions Vulnerability

Exploit for asp platform in category web applications Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...

0.4AI score0.22379EPSS
Exploits5
Packet Storm
Packet Storm
added 2018/09/27 12:0 a.m.102 views

Citrix StorageZones Controller Improper Access Restrictions / Traversal

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Citrix StorageZones Controller vulnerable version: all versions before 5.4.2 fixed version: 5.4.2 CVE number: CVE-2018-16968,...

0.7AI score0.01105EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/09/11 12:0 a.m.36 views

Apache Struts 2.x < 2.3.18 Multiple Critical Vulnerabilities (S2-008)

The version of Apache Struts running on the remote host is 2.x prior to 2.3.18. It, therefore, is affected by multiple critical vulnerabilities: - A remote code execution vulnerability exists in ExceptionDelegator due to improper validation of user-supplied input. An unauthenticated, remote...

7AI score
Exploits0References1
0day.today
0day.today
added 2017/11/28 12:0 a.m.66 views

ZTE ZXDSL 831CII - Improper Access Restrictions Vulnerability

Exploit for hardware platform in category web applications Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================...

5CVSS7.6AI score0.11261EPSS
Exploits3
exploitpack
exploitpack
added 2017/11/27 12:0 a.m.16 views

ZTE ZXDSL 831CII - Improper Access Restrictions

ZTE ZXDSL 831CII - Improper Access Restrictions Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953...

0.7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/11/27 12:0 a.m.36 views

ZTE ZXDSL 831CII - Improper Access Restrictions

Exploit Title: ZTE ZXDSL 831 Unauthorized Configuration Access Date: 27/11/2017 Exploit Author: Ibad Shah Vendor Homepage: zte.com.cn Software Link: - Version: - ZXDSL - 831CII Tested on: Windows 10 CVE :- 2017-16953 ======================================= The Router usually servers html files &...

7.4AI score
Exploits0
Rows per page
Query Builder