Lucene search
K

5 matches found

OSV
OSV
added 2026/06/04 7:27 p.m.9 views

GHSA-8V9P-G828-V98F Shopware: Admin Account Takeover via User Recovery Hash Exposure

Summary A low-privilege admin user with userrecovery:read ACL can take over any admin account. The attacker triggers password recovery for the victim unauthenticated endpoint, reads the recovery hash from the Admin API search endpoint, then uses the hash to reset the victim's password another...

6.8CVSS5.8AI score0.00034EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Tautulli 安全漏洞

Tautulli is an open-source application developed by Tautulli for monitoring Plex Media Server. Versions of Tautulli prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from the exposure of the /image/ route, allowing attackers to control the entries and trigger...

9.9CVSS5.4AI score0.00262EPSS
Exploits0References2
CVE
CVE
added 2025/10/10 12:0 a.m.14 views

CVE-2025-60305

SourceCodester Online Student Clearance System 1.0 is affected by an Incorrect Access Control vulnerability. The issue allows low-privilege users to forge high-privilege sessions and perform sensitive operations, with CVSS 3.1 base score 8.8 (HIGH) and impacts to confidentiality, integrity, and a...

8.8CVSS6.3AI score0.0038EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/01/23 3:15 p.m.6 views

CVE-2022-4673

The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
OSV
OSV
added 2018/11/09 1:29 a.m.7 views

CVE-2018-1802

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640...

7.8CVSS5.8AI score0.00445EPSS
Exploits0References4
Rows per page
Query Builder