18 matches found

EUVD
added 2026/04/22 6:31 p.m. · 6 views

EUVD-2025-209556

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

2.7 CVSS · 5.8 AI score · 0.00381 EPSS
Exploits 0 · References 4
CNNVD
added 2026/03/29 12:00 a.m. · 9 views

OpenClaw security vulnerability

OpenClaw is a command line tool for rights management. An improper access control vulnerability exists in OpenClaw versions prior to 2026.3.12, which stems from a lack of owner-level permission checking in the /config and /debug command handlers. An attacker can use this vulnerability to read or...

8.8 CVSS · 5.8 AI score · 0.00251 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/12/10 6:13 p.m. · 6 views

CVE-2025-14262

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

5.3 CVSS · 6.7 AI score · 0.00152 EPSS
Exploits 0 · References 1
EUVD
added 2025/12/08 9:34 a.m. · 7 views

EUVD-2025-201697

A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner...

5.3 CVSS · 6.2 AI score · 0.00194 EPSS
Exploits 0 · References 2
CVE
added 2025/12/08 9:34 a.m. · 18 views

CVE-2025-14262

KNIME Business Hub vulnerability CVE-2025-14262 affects KNIME Business Hub prior to 1.17.0. A wrong permission check allowed an authenticated user to save another user’s jobs as if owned by the job owner, potentially enabling saves into spaces where the attacker lacked write permissions. The atta...

5.3 CVSS · 6.3 AI score · 0.00152 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/10/27 12:00 a.m. · 18 views

CVE-2025-54970

BAE Systems SOCET GXP prior to version 4.6.0.2 contains a vulnerability in the Job Status Service where requests are not authenticated. In affected configurations, remote or local users may abort jobs or read information without the job owner’s permissions. The issue is documented across multiple...

6.5 CVSS · 6.1 AI score · 0.0023 EPSS
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-5596

Malware in sbrugna...

7.5 CVSS · 7.6 AI score · 0.01094 EPSS
Exploits 1 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-27023

Malware in sbrugna...

8.8 CVSS · 8.1 AI score · 0.00238 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2010-3758

Malware in sbrugna...

3.5 CVSS · 6.1 AI score · 0.01096 EPSS
Exploits 0 · References 8
EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2025-7159

Malicious code in bioql PyPI...

9.6 CVSS · 5.4 AI score · 0.00348 EPSS
Exploits 0 · References 5
OSV
added 2024/09/07 4:15 p.m. · 4 views

DEBIAN-CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3 CVSS · 6 AI score · 0.00395 EPSS
Exploits 0 · References 1
OSV
added 2024/09/07 4:15 p.m. · 5 views

ALPINE-CVE-2024-36137

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to...

3.3 CVSS · 6.8 AI score · 0.00395 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/09/07 12:00 a.m. · 10 views

PT-2022-4713

Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.6.7; SUSE Rancher versions prior to 2.5.16. Description: The issue is related to an Improper Authorization vulnerability in SUSE Rancher. It allows any user with permissions to create or edit cluster role template...

9.1 CVSS · 7.2 AI score · 0.00813 EPSS
Exploits 1 · References 6
Positive Technologies
added 2021/10/01 12:00 a.m. · 4 views

PT-2021-21685 · Canonical · Multipass

Name of the Vulnerable Software and Affected Versions: Multipass version 1.7.0 through 1.7.1 Description: The issue concerns the macOS version of Multipass, where the application directory was accidentally installed with incorrect owner permissions. Recommendations: For Multipass version 1.7.0 an...

8.8 CVSS · 7.8 AI score · 0.00238 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2020/08/28 12:00 a.m. · 19 views

openSUSE Security Update : inn (openSUSE-2020-1272)

This update for inn fixes the following issues : - change file owners in /usr/lib/news to root boo1172573 CVE-2020-8026 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2020-1272. The text description of...

8.4 CVSS · 7.2 AI score · 0.00362 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2017/11/07 12:00 a.m. · 43 views

Fedora 26 : community-mysql (2017-50c790aaed)

A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz1497694 : Fix owner and perms on log file in post script CVE fixes: rhbz1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-102...

7.5 CVSS · 6.4 AI score · 0.04291 EPSS
Exploits 0 · References 13
Tenable Nessus
added 2010/11/04 12:00 a.m. · 26 views

FreeBSD : Mailman -- XSS in web interface (4ab29e12-e787-11df-adfa-00e0815b8da8)

Secunia reports : Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrar...

3.5 CVSS · 6.4 AI score · 0.01973 EPSS
Exploits 0 · References 2
Prion
added 2008/07/09 7:33 p.m. · 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS · 5.6 AI score · 0.00842 EPSS
Exploits 0 · References 4 · Affected Software 1