Lucene search
K

22 matches found

Snyk
Snyk
added 2026/02/13 11:2 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the admin/login process. An attacker can gain unauthorized access to administrative backend functionality by leveraging insufficient role-based access control checks during authentication. This is only...

8.8CVSS5.6AI score0.00446EPSS
Exploits1References2
Snyk
Snyk
added 2025/12/08 4:41 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the IdentityProvider service. An attacker can gain unauthorized access to modify or delete registered identity providers by leveraging low-level privileges, potentially resulting in account takeover or service...

7.1CVSS7AI score0.00282EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-2329

Malware in sbrugna...

8.8CVSS8.7AI score0.0719EPSS
Exploits4References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-31481

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00456EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/04 12:28 a.m.4 views

CVE-2025-55373

Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights...

5.3CVSS7.4AI score0.00419EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:33 a.m.13 views

CVE-2023-27745

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server...

8.8CVSS6.9AI score0.00456EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:37 a.m.9 views

CVE-2024-56902

Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...

7.5CVSS7.4AI score0.22168EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:37 a.m.8 views

CVE-2024-56898

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts...

8.8CVSS6.6AI score0.02467EPSS
Exploits1References1
CVE
CVE
added 2025/02/03 12:0 a.m.83 views

CVE-2024-56902

Geovision GV-ASManager GV-ASWeb (versions 6.1.0.0 and earlier) have an information-disclosure flaw that can expose account information, including cleartext passwords. CVSS v3.1 base score 7.5 (HIGH): network exploit, no user interaction, no privileges required, with confidentiality impact. Public...

7.5CVSS6.5AI score0.22168EPSS
Exploits4References1
NVD
NVD
added 2024/08/12 1:38 p.m.31 views

CVE-2024-41332

Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...

6.5CVSS0.00599EPSS
Exploits3References2
Vulnrichment
Vulnrichment
added 2024/08/09 12:0 a.m.16 views

CVE-2024-41332

Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...

7AI score0.00599EPSS
Exploits3References2
Cvelist
Cvelist
added 2024/08/09 12:0 a.m.29 views

CVE-2024-41332

Incorrect access control in the deletecategory function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories...

0.00599EPSS
Exploits3References2
CVE
CVE
added 2024/08/09 12:0 a.m.45 views

CVE-2024-41332

CVE-2024-41332 affects Sourcecodester Computer Laboratory Management System v1.0. The issue is an incorrect access control in the delete_category function that lets authenticated users with low privileges arbitrarily delete categories. Public references indicate a privilege-escalation path via a ...

6.5CVSS6.4AI score0.00599EPSS
Exploits3References2Affected Software1
NVD
NVD
added 2023/06/02 4:15 a.m.38 views

CVE-2023-27745

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server...

8.8CVSS8.7AI score0.00456EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/06/02 12:0 a.m.29 views

CVE-2023-27745

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server...

8.8AI score0.00456EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.6 views

PT-2022-25878 · 74Cmsse · 74Cmsse

Name of the Vulnerable Software and Affected Versions: 74cmsSE version 3.12.0 Description: The issue allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account. Recommendations: For 74cmsSE version 3.12.0, at the...

6.5CVSS6.3AI score0.0055EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2022/10/17 12:0 a.m.8 views

CVE-2022-41471

74cmsSE v3.12.0 allows authenticated attackers with low-level privileges to arbitrarily change the rights and credentials of the Super Administrator account...

6.8AI score0.0055EPSS
Exploits1References1
Prion
Prion
added 2022/04/12 12:15 p.m.15 views

Input validation

The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to CSV injection allowing a user with low level or no privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

7.5CVSS9.6AI score0.0269EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/04/09 12:15 a.m.21 views

CVE-2022-27883

A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this...

8.5CVSS0.01187EPSS
Exploits0References2
NVD
NVD
added 2018/05/01 7:29 p.m.18 views

CVE-2018-10258

A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution...

8.8CVSS9AI score0.07553EPSS
Exploits5References2
Rows per page
Query Builder