Lucene search
K

51 matches found

EUVD
EUVD
added 2026/04/22 9:25 p.m.6 views

EUVD-2026-25108

Statamic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.20 and 6.13.0, manipulating query parameters on Control Panel and REST API endpoints, or arguments in GraphQL queries, could result in the loss of content, assets, and user accounts. The Control Panel...

8.1CVSS5.7AI score0.00304EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/10 7:30 p.m.5 views

Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble

Authenticated arbitrary file write in artifact bundle assembly Summary An authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a...

7.1CVSS6.2AI score0.00299EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/30 12:16 a.m.4 views

CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

8.8CVSS0.00432EPSS
Exploits0References6
OSV
OSV
added 2026/03/30 12:16 a.m.7 views

UBUNTU-CVE-2026-2370

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

8.8CVSS5.8AI score0.00432EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.10 views

GitLab 14.3 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-2370)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed...

8.8CVSS6.7AI score0.00432EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/29 11:33 p.m.28 views

CVE-2026-2370 Improper Handling of Parameters in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.3 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 affecting Jira Connect installations that could have allowed an authenticated user with minimal workspace permissions to obtain installation credentials and...

8.1CVSS0.00432EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/29 11:33 p.m.5 views

CVE-2026-2370

Removed by vendor...

8.8CVSS6.6AI score0.00432EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/28 11:23 a.m.6 views

CVE-2026-0844

The Simple User Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7 due to insufficient restriction on the 'profilesavefield' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to...

8.8CVSS5.9AI score0.00292EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-6863

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.0055EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/14 4:40 p.m.10 views

CVE-2025-55192 HomeAssistant-Tapo-Control Code Injection Vulnerability in issues.yml Workflow

HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impac...

8.6CVSS0.0032EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/06 12:0 a.m.13 views

Grafana Labs < 11.6.1+security-01 Authorization Bypass (CVE-2025-3260)

The version of Grafana Labs installed on the remote host is affected by a vulnerability as referenced in the CVE-2025-3260 advisory. Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could...

8.3CVSS7.6AI score0.00484EPSS
Exploits0References2
OSV
OSV
added 2025/06/04 2:44 p.m.3 views

BIT-GRAFANA-2025-3454

This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...

5CVSS6.5AI score0.00414EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.8 views

CVE-2023-3244

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restoresettings function called via an AJAX action in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers with minimal...

4.3CVSS6.4AI score0.00787EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:50 a.m.6 views

CVE-2023-2414

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasavesettingscallback function in versions up to, and including, 4.4.6. This makes it possible for authenticated...

5.4CVSS6.4AI score0.00484EPSS
Exploits1References1
OSV
OSV
added 2025/04/11 12:15 p.m.1 views

CVE-2024-52280

A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b...

7.7CVSS5.8AI score0.0039EPSS
Exploits0References2
CVE
CVE
added 2025/03/20 10:10 a.m.85 views

CVE-2024-9099

In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions (e.g., Viewers, Prompt Editors). This is a data disclosure vulnerability that could let an attacker retrieve sensitive credentials and ac...

8.8CVSS8.5AI score0.0055EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 8:14 p.m.11 views

CVE-2022-4950

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber...

8.8CVSS7.7AI score0.01377EPSS
Exploits0References1
OSV
OSV
added 2024/11/07 5:42 p.m.7 views

CVE-2024-45794 SQL Injection in CreateUser API in devtron

devtron is an open source tool integration platform for Kubernetes. In affected versions an authenticated user with minimum permission could utilize and exploit SQL Injection to allow the execution of malicious SQL queries via CreateUser API /orchestrator/user. This issue has been addressed in...

8.3CVSS7.8AI score0.00748EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/08/14 3:3 p.m.4 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/08/14 3:2 p.m.2 views

mozilla: Missing permission check when creating a StreamFilter

The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a StreamFilter which could be used to read and modify the response body of requests on any site...

9.1CVSS7.3AI score0.00564EPSS
Exploits0References5
Rows per page
Query Builder