Lucene search
K

136 matches found

OSV
OSV
added 2025/08/14 12:30 p.m.4 views

GHSA-2VV2-3X8X-4GV7 Flowise OS command remote code execution

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like npx to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls RBAC. Furthermore, in Flowise versions before 3.0.1 the...

9.8CVSS7.6AI score0.70866EPSS
Exploits3References3
RedhatCVE
RedhatCVE
added 2025/05/23 6:50 a.m.5 views

CVE-2024-12307

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

4.3CVSS6.9AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.6 views

CVE-2023-33970

Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a missing access control was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or...

6.5CVSS6.4AI score0.00516EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

Codemers KLIMS 安全漏洞

Codemers KLIMS is a system for laboratory information management from Codemers. A security vulnerability exists in Codemers KLIMS version 1.6.DEV, which stems from a missing access control mechanism that could lead to elevated privileges...

7.3CVSS6.3AI score0.00281EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/28 10:40 p.m.20 views

CVE-2025-20230

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...

4.3CVSS7.1AI score0.003EPSS
Exploits0References3
OSV
OSV
added 2025/03/20 10:15 a.m.10 views

CVE-2024-9000

In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...

6.5CVSS6.9AI score0.0051EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/03/03 12:0 a.m.5 views

The vulnerability of the DDNS service in the D-Link DIR-816 A2 router software allows a hacker to compromise the integrity of the protected information.

The vulnerability of the DDNS service in the D-Link DIR-816 A2 router software lies in its lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...

5.3CVSS6.2AI score0.00785EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/02/27 10:15 p.m.3 views

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation...

9.8CVSS5.8AI score0.00536EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-1217

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...

9.8CVSS5.8AI score0.46642EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:30 a.m.14 views

CVE-2025-24885

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...

7.6CVSS6.6AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2025/01/11 3:15 a.m.7 views

CVE-2024-42169

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References1
Huntr
Huntr
added 2024/10/23 8:14 a.m.6 views

Missing access control on endpoint to list all evaluations in lunary-ai/lunary

Description The /v1/evaluators/ route allows users to fetch all evaluators of a project by sending a GET request. However, the route lacks proper access control, such as middleware to ensure that only users with appropriate roles can access evaluator data. The current implementation: Does not...

6.5CVSS6.6AI score0.00487EPSS
Exploits1
NVD
NVD
added 2024/07/31 7:15 p.m.32 views

CVE-2024-41108

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. The hostinfo page has missing/improper access control since only the host's mac address is required to obtain the configuration information. This data can only be retrieved if a task is pending on that...

7.5CVSS0.00552EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.10 views

PT-2024-27471 · User Oidc · User Oidc

Name of the Vulnerable Software and Affected Versions: user oidc app versions prior to 3.0.0 user oidc app versions prior to 4.0.0 user oidc app versions prior to 5.0.0 Description: The issue is related to missing access control on the ID4me endpoint, allowing an attacker to register an account a...

6.3CVSS7.3AI score0.00637EPSS
Exploits1References7
OSV
OSV
added 2024/03/15 12:30 p.m.4 views

GHSA-R978-9M6M-6GM6 Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling

Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher addWatch command to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when th...

5.3CVSS6.7AI score0.00246EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/03/15 12:0 a.m.3 views

Apache Zookeeper 信息泄露漏洞

Apache Zookeeper is a software project of the U.S. Apache Apache Foundation, which is able to provide open source distributed configuration services, synchronization services, and naming registry for large-scale distributed computing. Apache ZooKeeper has an information disclosure vulnerability...

5.3CVSS6.3AI score0.00246EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.6 views

PT-2024-20674 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2023.11.2 Description: The issue is related to missing access control at the S3 Artifact Storage plugin endpoint. This could potentially allow unauthorized access. Recommendations: For versions prior to...

5.3CVSS5.1AI score0.00307EPSS
Exploits0References7
OSV
OSV
added 2024/01/16 10:15 a.m.4 views

CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows...

8.3CVSS5.8AI score0.00949EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/16 9:10 a.m.35 views

CVE-2023-34063

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows...

9.9CVSS9.5AI score0.00949EPSS
Exploits0References1
CVE
CVE
added 2024/01/16 9:10 a.m.177 views

CVE-2023-34063

VMware Aria Automation (formerly vRealize Automation) is affected by CVE-2023-34063 due to a Missing Access Control flaw. An authenticated attacker could gain unauthorized access to remote organizations and workflows. The vulnerability affects Aria Automation prior to fixed builds; no exploit det...

9.9CVSS8.1AI score0.00949EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder