12 matches found

Github Security Blog
added 2025/10/16 9:30 a.m., 7 views

Mattermost has an Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...

CVSS 4.3, AI score 6.9, EPSS 0.00306
Exploits: 0, References: 7, Affected Software: 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-13154

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00523
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-25063

Malicious code in bioql PyPI...

CVSS 4, AI score 4.1, EPSS 0.00947
Exploits: 0, References: 3

RedhatCVE
added 2025/05/23 3:9 a.m., 4 views

CVE-2023-23007

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added...

CVSS 7.2, AI score 8.1, EPSS 0.00634
Exploits: 1, References: 1

Huntr
added 2023/03/23 10:39 a.m., 13 views

ProjectID is disclosed and can be used for IDOR attack

I find that when we click the "Settings" button, we can see all the projects, even if the logged-in user does not belong to the project. Using Burp Suite to hijack the request, we can obtain project ids. We can use the projectid to perform an IDOR attack. 1. Create two projects: project1 and project2, and their admin is...

CVSS 2.8, AI score 6.8, EPSS 0.0067
Exploits: 1

Prion
added 2023/02/17 4:15 p.m., 11 views

Sql injection

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added...

CVSS 5.8, AI score 7.2, EPSS 0.00634
Exploits: 1, References: 1, Affected Software: 1

Vulnrichment
added 2023/02/17 12:0 a.m., 4 views

CVE-2023-23007

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added...

AI score 7.8, EPSS 0.00634
Exploits: 1, References: 1

CVE
added 2022/06/06 5:0 p.m., 2199 views

CVE-2022-1783

CVE-2022-1783 affects GitLab CE/EE across multiple streams: 14.3–14.9.5, 14.10–14.10.4, and 15.0–15.0.1. The issue allows malicious group maintainers to add new project members via the REST API even when a group owner disables such additions. Affected components are GitLab’s group/project members...

CVSS 4, AI score 3.6, EPSS 0.00947
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2022/05/17 12:35 a.m., 21 views

Plone unauthorized member addition vulnerability

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...

CVSS 5.9, AI score 6.8, EPSS 0.02004
Exploits: 0, References: 10, Affected Software: 2

Veracode
added 2021/11/15 4:27 a.m., 24 views

Cross-site Request Forgery (CSRF)

showdoc/showdoc is vulnerable to cross-site request forgery. The vulnerability exists through the register function in UserController.class.php, allowing an attacker to add any member to the team...

CVSS 5.4, AI score 4, EPSS 0.00399
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2017/09/25 5:29 p.m., 15 views

CVE-2015-7315

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...

CVSS 5.9, AI score 6.5, EPSS 0.02004
Exploits: 0, References: 4

Cvelist
added 2017/09/25 5:0 p.m., 23 views

CVE-2015-7315

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator...

AI score 5.7, EPSS 0.02004
Exploits: 0, References: 4