Lucene search
K

33 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

4.3CVSS0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.12 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

5.8AI score0.00221EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.9 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

5.8AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 12:0 a.m.18 views

CVE-2026-38587

CVE-2026-38587 is an Insecure Direct Object Reference (IDOR) impacting ONLYOFFICE DocSpace prior to 3.2.1. The flaw exists across multiple REST API endpoints and allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information such as the Owner’s ID and prof...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/02/24 4:0 p.m.6 views

OneUptime:: node:vm sandbox escape in probe allows any project member to achieve RCE

Summary OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...

9.9CVSS6.2AI score0.00504EPSS
Exploits2References4Affected Software1
Github Security Blog
Github Security Blog
added 2025/11/26 7:33 p.m.6 views

OneUptime Unauthorized User Creation via API

Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...

8.8CVSS6.8AI score0.00269EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/11/26 7:33 p.m.3 views

GHSA-M449-VH5F-574G OneUptime Unauthorized User Creation via API

Summary A low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. PoC A low-permission user sends a crafted API request to the user-creation endpoint and the system creates the account successfully. Impact This allows attacke...

8.8CVSS6.7AI score0.00269EPSS
Exploits1References4
NVD
NVD
added 2025/11/26 7:15 p.m.6 views

CVE-2025-65966

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

8.8CVSS0.00269EPSS
Exploits1References1
OSV
OSV
added 2025/11/26 6:10 p.m.8 views

CVE-2025-65966 OneUptime Unauthorized User Creation via API

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

8.8CVSS6.5AI score0.00269EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/26 6:10 p.m.10 views

CVE-2025-65966 OneUptime Unauthorized User Creation via API

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

8.8CVSS0.00269EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/26 6:10 p.m.6 views

EUVD-2025-199748

OneUptime is a solution for monitoring and managing online services. In version 9.0.5598, a low-permission user can create new accounts through a direct API request instead of being restricted to the intended interface. This issue has been patched in version 9.1.0...

8.8CVSS6.3AI score0.00269EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.5 views

PT-2025-48171

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 9.1.0 Description OneUptime, a service monitoring solution, allows a low-permission user to create new accounts by directly accessing an API, bypassing the intended user interface restrictions. The vulnerable API...

8.8CVSS6.4AI score0.00269EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-33604

Malicious code in bioql PyPI...

7.3CVSS5.9AI score0.0045EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2021-34631

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00252EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2316

Malicious code in bioql PyPI...

9.9CVSS6.3AI score0.0121EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:30 a.m.8 views

CVE-2019-5259

There is an information leakage vulnerability on some Huawei productsAR120-S;AR1200;AR1200-S;AR150;AR150-S;AR160;AR200;AR200-S;AR2200;AR2200-S;AR3200;AR3600. An attacker with low permissions can view some high-privilege information by running specific commands.Successful exploit could cause an...

6.5CVSS6.5AI score0.00563EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-10843 · WordPress · Indeed Membership Pro

Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...

6.3CVSS7AI score0.00339EPSS
Exploits0References8
Veracode
Veracode
added 2024/07/30 7:21 a.m.13 views

Path Traversal

tgstation-server is vulnerable to Path Traversal. The vulnerability is due to low permission users with the "Set .dme Path" privilege potentially setting malicious .dme files to be compiled and executed, which can escalate into remote code execution via BYOND's shell proc...

8.4CVSS7.9AI score0.0121EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/06/27 4:15 a.m.6 views

CVE-2023-3412

The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajaxstoresave function. This makes it possible for authenticated...

5.4CVSS7.3AI score0.00352EPSS
Exploits0References2
Rows per page
Query Builder