Lucene search

10 matches found

Cvelist
added 2026/04/22 7:45 a.m. · 26 views

CVE-2026-4117 CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action

The CalJ plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5. This is due to a missing capability check in the CalJSettingsPage class constructor, which processes the 'save-obtained-key' operation directly from POST data without verifying that the...

5.3 CVSS · 0.00364 EPSS
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2016-3595

Malware in sbrugna...

5.3 CVSS · 6.4 AI score · 0.08823 EPSS
Exploits 0 · References 11
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2019-18873

Malware in sbrugna...

8.1 CVSS · 7.2 AI score · 0.02386 EPSS
Exploits 0 · References 13
Amazon
added 2025/02/04 12:0 a.m. · 25 views

Important: nerdctl

Issue Overview: Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to...

9.1 CVSS · 8.1 AI score · 0.03092 EPSS
Exploits 2
CNNVD
added 2024/01/18 12:0 a.m. · 2 views

QSIGE Security Vulnerabilities

QSIGE is an intelligent waiting management system from QSIGE, Inc. A security vulnerability exists in QSIGE that stems from omitting key control authorization, allowing an attacker to extract sensitive information from the API...

7.5 CVSS · 6.5 AI score · 0.00492 EPSS
Exploits 0 · References 2
Positive Technologies
added 2022/12/28 12:0 a.m. · 2 views

PT-2022-28100 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1
Description: The issue is related to an Authorization Bypass Through User-Controlled Key, which can lead to Improper Authentication. This allows unauthorized access, potentially compromising the security...

8.6 CVSS · 8.5 AI score · 0.00762 EPSS
Exploits 1 · References 11
RedHat Linux
added 2018/04/10 3:23 p.m. · 4 views

kernel: dereferencing NULL payload with nonzero length

A flaw was found in the implementation of associative arrays where the add_key system call and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameter's value, an unprivileged user could trivially cause a NULL pointer...

5.5 CVSS · 6.6 AI score · 0.00452 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2017/09/15 12:0 a.m. · 5 views

The vulnerability of the skb_flow_dissect function in the flow_dissector.c file of the Linux operating system kernel allows an attacker to cause a service failure or execute arbitrary code.

The vulnerability of the skb_flow_dissect function in the flow_dissector.c file of the Linux kernel’s network subsystem is related to insufficient input validation. The function returns a value of true for the keycontrol protocol without setting values for n_proto, ip_proto, and thoff. Exploiting this...

10 CVSS · 7.3 AI score · 0.09652 EPSS
Exploits 0 · References 7 · Affected Software 1
The Hacker News
added 2016/01/24 9:58 p.m. · 8 views

Apple Can Still Read Your End-to-End Encrypted iMessages

If you are backing up your data using iCloud Backup, then you need to watch your steps NOW! In the government's fight against encryption, Apple has positioned itself as a staunch defender of its users' privacy by refusing to provide federal officials with encryption backdoors into its products. When it...

6.5 AI score
Exploits 0
OSV
added 2015/01/09 9:59 p.m. · 1 views

DEBIAN-CVE-2014-9529

Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during...

6.9 CVSS · 8.1 AI score · 0.00339 EPSS
Exploits 0 · References 1