Lucene search
+L

173 matches found

RedhatCVE
RedhatCVE
added 2025/09/13 1:18 a.m.15 views

CVE-2025-6088

In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Although UUIDv4 conversation IDs are generated server-side and are difficult to brute force, they...

4.2CVSS6.9AI score0.00267EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/09/11 2:9 a.m.24 views

CVE-2025-42913

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. Confidentiali...

3.1CVSS6.7AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2025/09/09 9:1 a.m.8 views

CVE-2025-59018 Information Disclosure in Workspaces Module

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

7.1CVSS5.8AI score0.00266EPSS
Exploits0References5
CVE
CVE
added 2025/09/09 6:40 a.m.26 views

CVE-2025-9542

Summary (CVE-2025-9542) The WordPress plugin AutomatorWP – Automator (AutomatorWP) ≤ 5.3.7 is affected by a missing capability check that lets authenticated users with Subscriber-level access or higher view and modify integration settings and automations. The vulnerability affects all versions up...

5.4CVSS4.6AI score0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36693

Name of the Vulnerable Software and Affected Versions: TYPO3 CMS versions 9.0.0 through 9.5.54 TYPO3 CMS versions 10.0.0 through 10.4.53 TYPO3 CMS versions 11.0.0 through 11.5.47 TYPO3 CMS versions 12.0.0 through 12.4.36 TYPO3 CMS versions 13.0.0 through 13.4.17 Description: The Backend Routing...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.4 views

PT-2025-36547

Name of the Vulnerable Software and Affected Versions: SAP HCM My Timesheet Fiori 2.0 application affected versions not specified Description: The SAP HCM My Timesheet Fiori 2.0 application is susceptible to a privilege escalation issue stemming from missing authorization checks. An authenticated...

3.1CVSS6.1AI score0.00188EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.3 views

SAP HCM My Timesheet Fiori 安全漏洞

SAP HCM My Timesheet Fiori is a timesheet application from SAP, Germany. A security vulnerability exists in SAP HCM My Timesheet Fiori version 2.0, which stems from a lack of authorization checking and could lead to elevated privileges...

3.1CVSS6.5AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2025/09/02 8:15 p.m.5 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

8.8CVSS0.00654EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/08/30 12:0 a.m.5 views

SUNNET Corporate Training Management System 安全漏洞

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from a lack of authorization checking and could lead to unauthorized application...

9.8CVSS6.5AI score0.00466EPSS
Exploits0References2
NVD
NVD
added 2025/08/14 5:15 p.m.19 views

CVE-2025-20302

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, low-privileged, remote attacker to retrieve a generated report from a different domain. This vulnerability is due to missing authorization checks. An attacker could exploit this...

4.3CVSS0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/08/12 12:0 a.m.4 views

SAP ABAP Platform 安全漏洞

SAP ABAP Platform is an ABAP-based SAP solution from SAP, a German company. A security vulnerability exists in SAP ABAP Platform that stems from a lack of authorization checks and could lead to unauthorized database access...

4.9CVSS6.4AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2025/08/02 8:15 a.m.7 views

CVE-2025-6754

The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...

8.8CVSS0.00381EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/02 12:0 a.m.7 views

PT-2025-31725 · WordPress · Seo Metrics

Name of the Vulnerable Software and Affected Versions: SEO Metrics versions 1.0.5 through 1.0.15 Description: The SEO Metrics plugin for WordPress is susceptible to privilege escalation due to insufficient authorization checks. Specifically, the seo metrics handle connect button click AJAX handle...

8.8CVSS6.7AI score0.00381EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.6 views

WordPress plugin WP Human Resource Management 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.5AI score0.00364EPSS
Exploits0References5
Veracode
Veracode
added 2025/05/30 2:44 a.m.5 views

Insecure Direct Object Reference (IDOR)

mautic/core is vulnerable to an Insecure Direct Object Reference IDOR. The vulnerability is due to missing authorization checks in the segment cloning function, which allows authenticated users to clone segments even if they don’t have the necessary permissions...

4.3CVSS6.4AI score0.00211EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2025/05/29 6:8 p.m.6 views

Unauthorized Access To Unpublished Page Previews

mautic/core is vulnerable to Unauthorized Access to unpublished page previews. The vulnerability is due to missing authorization checks on predictable preview URLs, allowing unauthenticated users and search engines to access and index draft content...

6.5CVSS6.8AI score0.00298EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.5 views

CVE-2024-44113

Due to missing authorization checks, SAP Business Warehouse BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the...

4.3CVSS6.5AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:31 p.m.3 views

CVE-2021-21486

SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges...

8.8CVSS7AI score0.00753EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.9 views

CVE-2021-24779

The WP Debugging WordPress plugin before 2.11.0 has its updatesettings function hooked to admininit and is missing any authorisation and CSRF checks, as a result, the settings can be updated by unauthenticated users...

6.5CVSS6.9AI score0.00556EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.4 views

VMware Cloud Foundation 安全漏洞

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. VMware Cloud Foundation suffers from an authorization issue vulnerability that stems fro...

7.3CVSS6.9AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder