CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-0086

Malware in sbrugna...

8.8CVSS8.6AI score0.00134EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2001-0128

Malware in sbrugna...

7.2CVSS6.4AI score0.00055EPSS

Exploits0References9

Github Security Blog•added 2018/07/12 8:30 p.m.•26 views

Kotti CSRF in the local roles implementation

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS8.1AI score0.00134EPSS

Exploits1References5Affected Software1

OSV•added 2018/07/12 8:30 p.m.•13 views

GHSA-3HQ4-F2V6-Q338 Kotti CSRF in the local roles implementation

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS8.4AI score0.00134EPSS

Exploits1References6

Veracode•added 2018/04/10 5:24 a.m.•14 views

Cross-site Request Forgery (CSRF)

kotti is vulnerable to cross-site request forgery CSRF attacks. The vulnerability exists when assigning local roles where a change in permission can occur in the /admin-document/@@share view request...

8.8CVSS8.3AI score0.00134EPSS

Exploits1References3Affected Software1

OSV•added 2018/04/09 7:29 a.m.•18 views

PYSEC-2018-10

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS4AI score0.00134EPSS

Exploits1References2

OSV•added 2018/04/09 7:29 a.m.•12 views

CVE-2018-9856

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS7AI score

Exploits0References1

NVD•added 2018/04/09 7:29 a.m.•7 views

CVE-2018-9856

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS8.5AI score0.00134EPSS

Exploits1References1

Prion•added 2018/04/09 7:29 a.m.•12 views

Cross site request forgery (csrf)

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

6.8CVSS8.4AI score0.00134EPSS

Exploits1References1Affected Software1

PyPA•added 2018/04/09 7:29 a.m.•3 views

PYSEC-2018-10

Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request...

8.8CVSS6.7AI score0.00134EPSS

Exploits1References2Affected Software1

CVE•added 2018/04/09 7:0 a.m.•58 views

CVE-2018-9856

Kotti vulnerability CVE-2018-9856 affects Kotti before 1.3.2 and 2.x before 2.0.0b2. The issue is CSRF in the local roles implementation, demonstrated by triggering a permission change via the /admin-document/@@share request. The connected sources explicitly identify the vulnerable component as t...

8.8CVSS8.3AI score0.00134EPSS

Exploits1References1Affected Software1

CVE•added 2001/05/07 4:0 a.m.•60 views

CVE-2001-0128

Zope before 2.2.4 contains a bug in how local roles are computed, enabling bypass of access restrictions and privilege escalation. The issue is documented across multiple sources (NVD/CVE entry and Mandrake MDKSA-2000:086) and affects Zope 2.2.4 and earlier. Remediation is to apply the update to ...

7.2CVSS6.6AI score0.00055EPSS

Exploits0References7Affected Software3