Lucene search
K

30 matches found

Cvelist
Cvelist
added 2026/06/22 1:41 p.m.32 views

CVE-2026-8823 User Manager can demote bot accounts to guest without bot-management permission

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 4:35 a.m.11 views

CVE-2026-9056 Security fix for Qlik Talend Administration Center cross-site scripting vulnerability

A stored cross-site scripting vulnerability has been found in the Talend Administration Center. An attacker with permission to manage servers can store a XSS payload that can be triggered by a different user...

5.4CVSS5.5AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 5:16 p.m.26 views

CVE-2026-23695

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:33 p.m.6 views

CVE-2026-23695

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 4:33 p.m.12 views

EUVD-2026-30556

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/15 4:33 p.m.68 views

CVE-2026-23695 Cockpit CMS 2.14.0 Stored XSS via Set Field Display Template

Cockpit CMS through version 2.14.0, patched in commit 72a83fc, contains a stored cross-site scripting vulnerability in the Set field type's Display template option, where the template string is processed by the $interpolate function using new Function and rendered via Vue's v-html directive witho...

5.4CVSS0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

Cockpit CMS 跨站脚本漏洞

Cockpit CMS is an open-source headless content management system developed by Cockpit. Versions of Cockpit CMS 2.14.0 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the use of the $interpolate function in template strings within the Display template options,...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18222

Malware in sbrugna...

10CVSS9.4AI score0.01834EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-16522

Malware in sbrugna...

8.8CVSS8.8AI score0.01588EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-16998

Malicious code in bioql PyPI...

6.8CVSS6.6AI score0.00337EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52758

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00514EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/07 2:6 p.m.19 views

CVE-2025-5382

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA...

6.8CVSS6.5AI score0.00337EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/05 1:37 p.m.9 views

CVE-2025-5382

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA...

6.8AI score0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/05 1:37 p.m.20 views

CVE-2025-5382

Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA...

0.00337EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/05 12:0 a.m.7 views

PT-2025-23931 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.7.0 and earlier Description: The issue is related to inadequate access control in the Multi-Factor Authentication MFA feature for users in Devolutions Server. This allows a user with user management permissi...

6.8CVSS6.3AI score0.00337EPSS
Exploits0References3
OSV
OSV
added 2025/03/10 7:15 p.m.8 views

CVE-2024-54560

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission...

5.5CVSS5.7AI score0.00222EPSS
Exploits0References4
NVD
NVD
added 2025/03/10 7:15 p.m.15 views

CVE-2024-54560

A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission...

5.5CVSS0.00222EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/11/09 8:15 p.m.4 views

CVE-2023-5549

Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage...

5.3CVSS5.8AI score0.0056EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/12/06 12:0 a.m.5 views

CVE-2022-42777

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...

6.9AI score0.00091EPSS
Exploits0References1
OSV
OSV
added 2022/04/11 8:15 p.m.5 views

CVE-2022-22572

A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version 1.40.1...

8.8CVSS5.8AI score0.02004EPSS
Exploits0References2
Rows per page
Query Builder