Lucene search
K

139 matches found

Microsoft KB
Microsoft KB
added 2025/11/11 8:0 a.m.20 views

KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025

KB5068402 - Description of the security update for SQL Server 2017 CU31: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update More information File information Information about protection and security Summary This security update contains...

8.8CVSS5.8AI score0.01114EPSS
Exploits0
Microsoft KB
Microsoft KB
added 2025/11/11 8:0 a.m.21 views

KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025

KB5068404 - Description of the security update for SQL Server 2019 CU32: November 11, 2025 Summary Improvements and fixes included in this update How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information...

8.8CVSS5.8AI score0.01114EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/08 12:55 a.m.13 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

7.6CVSS6.8AI score0.00284EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/07 6:30 p.m.6 views

EUVD-2025-38272

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

6.2AI score0.00284EPSS
Exploits1References3
OSV
OSV
added 2025/11/07 4:15 p.m.5 views

CVE-2025-63783

A Broken Object Level Authorization BOLA vulnerability was discovered in the tRPC project mutation APIs update, delete, add/remove tag of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for...

7.6CVSS5.8AI score0.00284EPSS
Exploits1References2
CVE
CVE
added 2025/11/07 12:0 a.m.11 views

CVE-2025-63783

Onlook web application 0.2.32 contains a Broken Object Level Authorization (BOLA) in tRPC mutation APIs (update, delete, add/remove tag). The API fails to verify the requester’s ownership/membership for the target project ID, enabling an authenticated attacker to modify, delete, or manipulate tag...

7.6CVSS6.4AI score0.00284EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54316

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00268EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54317

Malicious code in bioql PyPI...

7.6CVSS6.6AI score0.00289EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54487

Malicious code in bioql PyPI...

3.1CVSS6.6AI score0.00237EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2025/07/19 12:57 p.m.93 views

Exploit for CVE-2025-53640

CVE-2025-53640 – Authenticated User Enumeration in CERN's Indi...

5.3CVSS7AI score0.00565EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 6:50 a.m.6 views

CVE-2024-12305

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...

4.3CVSS6.8AI score0.00252EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:44 a.m.9 views

CVE-2023-41058

Parse Server is an open source backend server. In affected versions the Parse Cloud trigger beforeFind is not invoked in certain conditions of Parse.Query. This can pose a vulnerability for deployments where the beforeFind trigger is used as a security layer to modify the incoming query. The...

7.5CVSS7.1AI score0.00623EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:9 a.m.7 views

CVE-2023-51649

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. When submitting a Job to run via a Job Button, only the model-level extras.runjob permission is checked i.e., does the user have...

4.3CVSS6.6AI score0.00448EPSS
Exploits0References1
Wallarm Lab
Wallarm Lab
added 2025/03/31 12:25 p.m.9 views

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication BOLA and broken function-level authentication BFLA, remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of...

8.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/29 12:25 a.m.20 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS7.1AI score0.00237EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/29 12:24 a.m.18 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS7.1AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/03/27 8:15 p.m.14 views

CVE-2024-55070

A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions...

3.1CVSS0.00237EPSS
Exploits1References2
NVD
NVD
added 2025/03/27 7:15 p.m.14 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.6CVSS0.00289EPSS
Exploits1References2
OSV
OSV
added 2025/03/27 7:15 p.m.6 views

CVE-2024-55072

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

5.4CVSS6.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/27 12:0 a.m.10 views

CVE-2024-55073

A Broken Object Level Authorization vulnerability in the component /api/users/user-id of hay-kot mealie v2.2.0 allows users to edit their own profile in order to give themselves more permissions or to change their household...

7.4AI score0.00289EPSS
Exploits1References2
Rows per page
Query Builder