Lucene search
K

254 matches found

Cvelist
Cvelist
added 2025/08/11 6:57 p.m.19 views

CVE-2025-8285 Unauthorized Channel Subscription Creation in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create channel subscription without proper access to the channel via API call to the create channel subscription endpoint...

4CVSS0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:57 p.m.4 views

CVE-2025-53910 Unauthorized Channel Subscription Edit in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the channel which allows attackers to create a channel subscription without proper access to the channel via API call to the edit channel subscription endpoint...

4CVSS7AI score0.00183EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/11 6:56 p.m.1 views

CVE-2025-48731 Unauthorized Subscription Edit to Confluence Space in Mattermost Confluence Plugin

Mattermost Confluence Plugin version 1.5.0 fails to check the access of the user to the Confluence space which allows attackers to edit a subscription for a Confluence space the user does not have access for via edit subscription endpoint...

6.4CVSS7.1AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 6:15 p.m.3 views

CVE-2025-20323

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...

4.3CVSS5.8AI score
Exploits0References1
CNVD
CNVD
added 2025/07/04 12:0 a.m.2 views

FileBrowser has an unspecified vulnerability (CNVD-2025-22702)

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability , the vulnerability stems from the file access permissions are not...

5.5CVSS6.9AI score0.0019EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:50 a.m.5 views

CVE-2024-12307

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

4.3CVSS6.9AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:3 a.m.6 views

CVE-2023-33970

Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a missing access control was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or...

6.5CVSS6.4AI score0.00516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.5 views

CVE-2019-19845

In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure...

5.3CVSS6.7AI score0.01101EPSS
Exploits0References1
OSV
OSV
added 2025/04/22 3:29 p.m.7 views

GO-2025-3600 Missing ACLs on JavaScript APIs allowing privilege escalation github.com/nats-io/nats-server

Missing...

9.6CVSS7.2AI score0.00561EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.4 views

Codemers KLIMS 安全漏洞

Codemers KLIMS is a system for laboratory information management from Codemers. A security vulnerability exists in Codemers KLIMS version 1.6.DEV, which stems from a missing access control mechanism that could lead to elevated privileges...

7.3CVSS6.3AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 2025/04/14 11:41 p.m.5 views

Information Exposure

Overview agpt is an An open-source attempt to make GPT-4 autonomous Affected versions of this package are vulnerable to Information Exposure due to missing access controls in the WebSocket API. Node execution updates were sent to any subscriber using a valid graphid and graphversion, allowing...

4.8CVSS6.8AI score0.0034EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/10 12:0 a.m.4 views

WordPress plugin Hive Support 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.9AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/28 10:40 p.m.19 views

CVE-2025-20230

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value...

4.3CVSS7.1AI score0.003EPSS
Exploits0References3
OSV
OSV
added 2025/03/20 10:15 a.m.10 views

CVE-2024-9000

In lunary-ai/lunary before version 1.4.26, the checklists.post endpoint allows users to create or modify checklists without validating whether the user has proper permissions. This missing access control permits unauthorized users to create checklists, bypassing intended permission checks...

6.5CVSS6.9AI score0.0051EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/03/03 12:0 a.m.5 views

The vulnerability of the DDNS service in the D-Link DIR-816 A2 router software allows a hacker to compromise the integrity of the protected information.

The vulnerability of the DDNS service in the D-Link DIR-816 A2 router software lies in its lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...

5.3CVSS6.2AI score0.00785EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/02/27 10:15 p.m.3 views

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation...

9.8CVSS5.8AI score0.00536EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/02/11 12:0 a.m.6 views

VulnCheck KEV: CVE-2018-1217

Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...

9.8CVSS5.8AI score0.46642EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/02/06 2:30 a.m.13 views

CVE-2025-24885

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...

7.6CVSS6.6AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2025/01/11 3:15 a.m.7 views

CVE-2024-42169

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data...

8.1CVSS5.8AI score0.00263EPSS
Exploits0References1
Hacker One
Hacker One
added 2024/11/20 9:40 p.m.7 views

U.S. Dept Of Defense: Exposed Extremely Sensitive Information in Public ZIP File

A publicly accessible ZIP file containing sensitive information, including SMTP credentials, database connection details, and AWS secret keys, was discovered. The sensitive data was exposed due to the lack of proper access controls and encryption. The exposed credentials could have been misused f...

6.9AI score
Exploits0
Rows per page
Query Builder