Lucene search
+L

29 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users

Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...

3.7CVSS5.8AI score0.00628EPSS
Exploits0References11
NVD
NVD
added 2026/07/03 6:16 a.m.10 views

CVE-2026-12557

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 4:30 a.m.8 views

EUVD-2026-41484

The Ninja Forms - File Uploads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.3.29. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to read all...

5.3CVSS5.8AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.16 views

PT-2026-55494

Name of the Vulnerable Software and Affected Versions Ninja Forms - File Uploads versions prior to 3.3.30 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. This allows unauthenticated attackers to read all...

5.3CVSS6AI score0.00223EPSS
Exploits0References6
NVD
NVD
added 2025/10/24 9:15 a.m.7 views

CVE-2025-10901

The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'aigettable' function in all versions up to, and including, 1.0.16. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS0.00195EPSS
Exploits0References2
CVE
CVE
added 2025/10/24 8:24 a.m.30 views

CVE-2025-10901

CVE-2025-10901 (Originality.ai AI Checker, WordPress) : Wordfence and Patchstack detail a vulnerability in Originality.ai AI Checker plugin for WordPress versions up to and including 1.0.12 where a missing capability check in the function ai_get_table allows authenticated attackers with Subscribe...

4.3CVSS5.9AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/24 8:24 a.m.5 views

EUVD-2025-35809

The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'aigettable' function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3CVSS4.6AI score0.00195EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/24 8:24 a.m.4 views

CVE-2025-10902 Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove'

The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aiscanresultremove' function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.0022EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.10 views

PT-2025-43590

Name of the Vulnerable Software and Affected Versions Originality.ai AI Checker plugin for WordPress versions through 1.0.12 Description The Originality.ai AI Checker plugin for WordPress is susceptible to unauthorized data loss. This is due to a missing capability check within the ai scan result...

4.3CVSS5.9AI score0.0022EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.8 views

PT-2025-43589

Name of the Vulnerable Software and Affected Versions Originality.ai AI Checker plugin for WordPress versions up to and including 1.0.12 Description The Originality.ai AI Checker plugin for WordPress is susceptible to unauthorized data access. This is due to a missing capability check within the ...

4.3CVSS5.7AI score0.00195EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 4:22 a.m.7 views

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

6.5CVSS6.7AI score0.0063EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 p.m.5 views

CVE-2021-35210

Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tllog table that will be executed in the browser when the system log is called in the back end...

6.1CVSS6.4AI score0.0074EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/10/21 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper memory usage of the event log table in the efistub/tpm driver, which could cause the kernel to cras...

5.5CVSS6.6AI score0.00213EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/10/09 6:30 p.m.60 views

net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference

A flaw was found in net-snmp. A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference issue...

6.5CVSS5.7AI score0.01131EPSS
Exploits0References4
NVD
NVD
added 2023/11/24 6:15 p.m.38 views

CVE-2023-48708

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

6.5CVSS0.0063EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/24 5:16 p.m.41 views

CVE-2023-48708 Insertion of Sensitive Information into Log in codeigniter4/shield

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

5CVSS6.7AI score0.0063EPSS
Exploits0References3
Veracode
Veracode
added 2023/11/23 10:43 a.m.19 views

Information Disclosure

codeigniter4/shield is vulnerable to Information Disclosure. The vulnerability is due to improper masking of sensitive information in to the log table. An attacker can gain access to sensitive tokens if they can access the application logs...

6.5CVSS6.8AI score0.0063EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.6 views

SUSE CVE-2009-0500

Cross-site scripting XSS vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log...

4.3CVSS5.8AI score0.0125EPSS
Exploits0References4
OSV
OSV
added 2022/07/08 11:42 a.m.5 views

UBUNTU-CVE-2022-24808

net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users shou...

6.5CVSS6.9AI score0.01131EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/03/22 10:15 p.m.3 views

CVE-2022-25518

In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table...

6.5CVSS5.4AI score0.00741EPSS
Exploits0References2
Rows per page
Query Builder