Lucene search
K

143 matches found

OSV
OSV
added 2025/07/29 1:39 p.m.5 views

RLSA-2025:9329 Important: perl-YAML-LibYAML security update

Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...

7.7CVSS7.1AI score0.00368EPSS
Exploits1References2
OSV
OSV
added 2025/06/23 12:0 a.m.5 views

ALSA-2025:9329 Important: perl-YAML-LibYAML security update

Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...

9.1CVSS9.1AI score0.00368EPSS
Exploits1References4
OSV
OSV
added 2025/06/23 12:0 a.m.5 views

ALSA-2025:9330 Important: perl-YAML-LibYAML security update

Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...

9.1CVSS7AI score0.00368EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2025/06/23 12:0 a.m.4 views

Important: perl-YAML-LibYAML security update

Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C library is written precisely to the YAML 1.1 specification. It was originally bound to Python and was later bound to Ruby. Security Fixes: yaml-libyaml: LibYAML Perl File Modification Vulnerability CVE-2025-40908 For more...

9.1CVSS9.2AI score0.00368EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/06/19 12:5 p.m.8 views

CVE-2025-3880

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible for authenticated attackers, with...

4.3CVSS4.2AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2025/06/11 5:42 a.m.3 views

SUSE-SU-2025:01886-1 Security update for perl-YAML-LibYAML

This update for perl-YAML-LibYAML fixes the following issues: - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified bsc1243902...

9.1CVSS9.4AI score0.00368EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2025/06/01 1:41 p.m.2 views

CVE-2025-40908

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified...

9.1CVSS9.2AI score0.00368EPSS
Exploits1References3
OSV
OSV
added 2025/05/29 6:31 p.m.8 views

GHSA-4MMR-2W8P-WHCR Mattermost improperly allows team administrators to modify team invites

Mattermost versions 10.7.x = 10.7.0, 10.6.x = 10.6.2, 10.5.x = 10.5.3, 9.11.x = 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the 'invite user' permission to access and modify team invite IDs via the...

5.3CVSS7AI score0.00265EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:41 a.m.11 views

CVE-2024-1091

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level...

4.3CVSS6.4AI score0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:18 a.m.8 views

CVE-2024-10216

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...

4.3CVSS6.5AI score0.00429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:11 a.m.8 views

CVE-2024-12781

The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab1cldemoinstallpackagecontent' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated...

4.3CVSS6.5AI score0.00322EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:0 a.m.21 views

CVE-2024-6754

The Social Auto Poster plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the ‘wpwautoposterupdatetweettemplate’ function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Subscriber-level...

5.4CVSS6.2AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.8 views

CVE-2023-26282

IBM Watson CP4D Data Stores 4.6.0 through 4.6.3 could allow a user with physical access and specific knowledge of the system to modify files or data on the system. IBM X-Force ID: 248415...

4.2CVSS6.1AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:31 a.m.7 views

CVE-2023-5411

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfaf2savepost function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.4AI score0.00395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:26 a.m.6 views

CVE-2023-4947

The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refreshordereandata AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above,...

4.3CVSS6.4AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:47 p.m.8 views

CVE-2021-33346

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An attacker can use this vulnerability to modify the password of the admin user without authorization...

9.8CVSS7AI score0.01223EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.7 views

CVE-2020-20907

MetInfo 7.0 beta is affected by a file modification vulnerability. Attackers can delete and modify ini files in app/system/language/admin/languagegeneral.class.php and app/system/include/function/file.func.php...

9.1CVSS6.9AI score0.02201EPSS
Exploits1
Cvelist
Cvelist
added 2025/05/22 4:14 p.m.25 views

CVE-2025-33136 IBM Aspera Faspex data modification

IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data...

7.1CVSS0.00287EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:49 p.m.9 views

CVE-2018-1999032

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to override this plugin's configuration by sending crafted HTTP requests to an unprotected endpoint...

6.5CVSS6.5AI score0.01019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:15 a.m.18 views

CVE-2019-1003017

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentially installing additional plugins necessary to load the imported job's configuration...

5.3CVSS6.5AI score0.00524EPSS
Exploits0References1
Rows per page
Query Builder