
27 matches found

RedhatCVE
added 2026/06/05 7:49 p.m. | 9 views

CVE-2026-29179

October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...

CVSS 3.3 | AI score 5.5 | EPSS 0.00144
Exploits: 0 | References: 1

Cvelist
added 2026/05/11 3:54 p.m. | 35 views

CVE-2026-42843 grav-plugin-api: Grav API Privilege Escalation to Super Admin

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...

CVSS 8.8 | EPSS 0.0035
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-19638

Malware in sbrugna...

CVSS 4.6 | AI score 4.9 | EPSS 0.00223
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-6276

Malware in sbrugna...

CVSS 5.3 | AI score 5.5 | EPSS 0.0064
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-26348

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00162
Exploits: 0 | References: 2

RedhatCVE
added 2025/07/10 11:22 a.m. | 5 views

CVE-2025-20997

Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch...

CVSS 6.2 | AI score 7 | EPSS 0.00116
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 11:52 p.m. | 11 views

CVE-2022-23139

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...

CVSS 8.8 | AI score 6.9 | EPSS 0.00711
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:44 p.m. | 7 views

CVE-2020-14117

An improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content...

CVSS 5.3 | AI score 6.7 | EPSS 0.0064
Exploits: 0

NVD
added 2024/09/14 4:15 a.m. | 26 views

CVE-2024-8039

Improper permission configurationDomain configuration vulnerability of the mobile application com.afmobi.boomplayer can lead to account takeover risks...

CVSS 9.8 | EPSS 0.00434
Exploits: 0 | References: 2

Prion
added 2023/12/22 9:15 p.m. | 17 views

Design/Logic Flaw

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVSS 5 | AI score 7 | EPSS 0.00865
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2023/12/22 8:56 p.m. | 28 views

CVE-2023-51650 Unauthorized access vulnerability on three interfaces

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...

CVSS 7.5 | AI score 7.5 | EPSS 0.00865
Exploits: 1 | References: 4

Veracode
added 2023/06/02 12:10 p.m. | 29 views

Information Disclosure

github.com/goreleaser/nfpm is vulnerable to Information Disclosure. The vulnerability exists due to improper permission configuration in files and folders which allows an attacker access to the package on the file system...

CVSS 7.1 | AI score 6.6 | EPSS 0.00384
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2022/05/12 8:15 p.m. | 10 views

CVE-2022-23139

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...

CVSS 8.8 | EPSS 0.00711
Exploits: 0 | References: 1

Prion
added 2022/05/12 8:15 p.m. | 19 views

Design/Logic Flaw

ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...

CVSS 6.5 | AI score 8.6 | EPSS 0.00711
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2022/04/29 12:0 a.m. | 17 views

Xiaomi Content Center APP incorrect permission configuration vulnerability

Xiaomi Content Center is a content center of Xiaomi China, Inc. An incorrect permission configuration vulnerability exists in Xiaomi Content Center APP, which is caused by the lack of proper permission validation in Xiaomi Content Center APP, and can be exploited by attacker...

CVSS 5.3 | AI score 2.8 | EPSS 0.0064
Exploits: 0 | References: 1

CVE
added 2022/04/21 5:40 p.m. | 47 views

CVE-2020-14117

CVE-2020-14117 pertains to Xiaomi Content Center APP and is linked across multiple sources. The issue is described as an improper permission configuration caused by lack of correct permission verification within the Xiaomi Content Center APP, enabling attackers to invoke sensitive component funct...

CVSS 5.3 | AI score 5.1 | EPSS 0.0064
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/02/09 11:15 p.m. | 3 views

CVE-2021-37107

There is an improper memory access permission configuration on ACPU. Successful exploitation of this vulnerability may cause out-of-bounds access...

CVSS 5.5 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 1

CVE
added 2022/02/09 10:3 p.m. | 91 views

CVE-2021-39992

CVE-2021-39992 affects Huawei EMUI (Android-based) via a vulnerability in ACPU caused by a security privilege misconfiguration. The issue potentially allows code execution with high impact on confidentiality, integrity, and availability, given the CVSS 3.1 metrics (LOCAL access, LOW privileges re...

CVSS 7.8 | AI score 7.6 | EPSS 0.00162
Exploits: 0 | References: 1 | Affected Software: 1

BDU FSTEC
added 2021/11/10 12:0 a.m. | 4 views

The vulnerability of the Elastic App Search application discovery tool, related to incorrect permission configuration, allows a violator to increase their privileges.

The vulnerability of the Elastic App Search application discovery tool is related to the improper assignment of permissions for API keys. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

CVSS 9 | AI score 7.5 | EPSS 0.00924
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2021/07/22 12:0 a.m. | 46 views

Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities

The version of Node.js installed on the remote host is prior to 12.22.2, 14.17.2, 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 Security Releases advisory. - Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii function which is used...

CVSS 7.8 | AI score 6.8 | EPSS 0.23132
Exploits: 4 | References: 5