
14 matches found

Cvelist
added 2 days ago, 20 views

CVE-2026-56249 Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...

CVSS: 7.6, EPSS: 0.00257
Exploits: 0, References: 2

Snyk
added 2026/03/13 8:54 p.m., 4 views

Incorrect Authorization

Overview: @openclaw/zalouser is an OpenClaw Zalo Personal Account plugin via native zca-js integration. Affected versions of this package are vulnerable to Incorrect Authorization in the channels.zalouser.groups. An attacker can gain unauthorized access to restricted channels by reusing a display...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00335
Exploits: 0, References: 3

Github Security Blog
added 2025/11/14 9:45 p.m., 9 views

Directus has Improper Permission Handling on Deleted Fields

Summary: Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details: When a field is removed from a collection, its...

CVSS: 5.4, AI score: 6.7, EPSS: 0.00163
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2025/09/30 6:15 p.m., 8 views

CVE-2025-11195

Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...

CVSS: 3.3, AI score: 5.8, EPSS: 0.00084
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 3:22 a.m., 4 views

SUSE CVE-2022-45408

Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVSS: 6.5, AI score: 7.7, EPSS: 0.007
Exploits: 0, References: 8

RedHat Linux
added 2022/12/13 4:8 p.m., 4 views

Mozilla: Fullscreen notification bypass via windowName

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...

CVSS: 6.5, AI score: 7.3, EPSS: 0.007
Exploits: 0, References: 6

RedHat Linux
added 2022/12/13 4:8 p.m., 6 views

Mozilla: Fullscreen notification bypass via windowName

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...

CVSS: 6.5, AI score: 7.3, EPSS: 0.007
Exploits: 0, References: 6

RedHat Linux
added 2022/11/21 12:52 p.m., 4 views

Mozilla: Fullscreen notification bypass via windowName

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...

CVSS: 6.5, AI score: 7.3, EPSS: 0.007
Exploits: 0, References: 6

RedHat Linux
added 2022/11/21 12:35 p.m., 4 views

Mozilla: Fullscreen notification bypass via windowName

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...

CVSS: 6.5, AI score: 7.3, EPSS: 0.007
Exploits: 0, References: 6

RedHat Linux
added 2022/11/21 11:29 a.m., 6 views

Mozilla: Fullscreen notification bypass via windowName

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...

CVSS: 6.5, AI score: 7.3, EPSS: 0.007
Exploits: 0, References: 6

RedHat Linux
added 2022/11/21 11:11 a.m., 5 views

Mozilla: Fullscreen notification bypass via windowName

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks...

CVSS: 6.5, AI score: 7.3, EPSS: 0.007
Exploits: 0, References: 6

OSV
added 2022/11/16 12:0 a.m., 3 views

UBUNTU-CVE-2022-45408

Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

CVSS: 6.5, AI score: 6.9, EPSS: 0.007
Exploits: 0, References: 7

OSV
added 2019/08/06 7:15 p.m., 5 views

UBUNTU-CVE-2019-2386

After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9;...

CVSS: 7.1, AI score: 5.8, EPSS: 0.01225
Exploits: 1, References: 5

securityvulns
added 2004/11/24 12:0 a.m., 20 views

[SA13261] SecretSanta Security Bypass Vulnerability

TITLE: SecretSanta Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA13261
VERIFY ADVISORY: http://secunia.com/advisories/13261/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE: From remote
SOFTWARE: SecretSanta 1.x http://secunia.com/product/4304/
DESCRIPTION: A vulnerability has been...

AI score: 0.2
Exploits: 0