Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.3 views

CVE-2025-63914

An issue was discovered in Cinnamon kotaemon 0.11.0. The mayextractzip function in the \libs\ktem\ktem\index\file\ui.py file does not check the contents of uploaded ZIP files. Although the contents are extracted into a temporary folder that is cleared before each extraction, successfully uploadin...

6.5AI score0.00312EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.4 views

PT-2025-37851

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7 iPadOS versions prior to 18.7 iOS versions prior to 26 iPadOS versions prior to 26 Description An application may be able to monitor keystrokes without user permission due to improved checks. Recommendations Update t...

10CVSS6.6AI score0.01024EPSS
Exploits0References14
Drupal
Drupal
added 2024/09/04 12:0 a.m.10 views

Content Entity Clone - Moderately critical - Information Disclosure - SA-CONTRIB-2024-035

This module enables you to "clone" a content entity, i.e. to create a new content pre-filled with data from another entity of the same type and bundle. The module doesn't properly check the user access to the original entity, allowing users to create a new entity they have permission to create...

4.3CVSS6.9AI score0.00296EPSS
Exploits0References6
Prion
Prion
added 2021/04/28 7:15 a.m.18 views

Authentication flaw

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

5CVSS5.5AI score0.01192EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2020/04/01 6:15 p.m.3 views

CVE-2020-3916

An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos...

5.3CVSS6AI score0.0081EPSS
Exploits0References2
OSV
OSV
added 2018/02/21 8:12 p.m.4 views

DRUPAL-CONTRIB-2018-015

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't sufficiently associate cacheability metadata in certain situations thereby causing an access bypass vulnerability. This vulnerability is mitigated b...

6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2011/09/08 6:0 p.m.15 views

CVE-2011-3391

IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing a disable attribute in the Security sub-menu...

6.1AI score0.01152EPSS
Exploits0References6
Rows per page
Query Builder