Lucene search
K

7 matches found

NVD
NVD
added 2026/06/30 5:16 p.m.9 views

CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.getqueryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing checkobjectpermissions call on the parentid query parameter ...

5.3CVSS0.00204EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:58 p.m.17 views

CVE-2026-58373

CVAT before version 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.get_queryset that lets authenticated attackers enumerate quality report identifiers across organizations by exploiting a missing check_object_permissions on the parent_id parameter of the quality r...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53931

Name of the Vulnerable Software and Affected Versions CVAT versions prior to 2.69.0 Description An improper authorization issue exists in the QualityReportViewSet.get queryset function. Authenticated attackers can enumerate quality report identifiers from other organizations by exploiting a missi...

5.3CVSS6AI score0.00204EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.7 views

PT-2026-5119

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparent id parameters to execute arbitrary JavaScript in administrative contexts...

6.4CVSS6AI score0.00249EPSS
Exploits1References5
OSV
OSV
added 2017/07/17 1:18 p.m.2 views

DEBIAN-CVE-2017-1000032

Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...

6.1CVSS6.2AI score0.00887EPSS
Exploits0References1
OSV
OSV
added 2016/04/12 4:59 p.m.3 views

DEBIAN-CVE-2016-3172

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...

8.8CVSS8.9AI score0.02827EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2016/04/12 4:0 p.m.61 views

CVE-2016-3172

SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...

8.8CVSS8.9AI score0.02827EPSS
Exploits1
Rows per page
Query Builder