Lucene search
K

17 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-38628

Malicious code in bioql PyPI...

7.1CVSS6.3AI score0.00335EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.5 views

CVE-2024-40787

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8, watchOS 10.6. A shortcut may be able to bypass Internet permission requirements...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:8 p.m.8 views

CVE-2021-33057

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

7.5CVSS6.3AI score0.01032EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:17 a.m.10 views

CVE-2017-1000104

The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient...

6.5CVSS6.6AI score0.00818EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/26 12:5 a.m.9 views

CVE-2025-32964

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...

4.6CVSS6.7AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2024/12/04 2:15 a.m.34 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

8.8CVSS0.0038EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/04 1:6 a.m.18 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

8.8CVSS7.1AI score0.0038EPSS
Exploits0References1
CVE
CVE
added 2024/12/04 1:6 a.m.77 views

CVE-2024-42456

CVE-2024-42456 affects Veeam Backup & Replication . A low-privileged user with a specific role can exploit a method with insufficient permission checks to modify critical configuration settings (e.g., trusted client certificate on a port), potentially allowing calls to privileged methods and init...

8.8CVSS7.1AI score0.0038EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/12/04 1:6 a.m.38 views

CVE-2024-42456

A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized...

8.8CVSS0.0038EPSS
Exploits0References1
CVE
CVE
added 2024/07/29 10:16 p.m.71 views

CVE-2024-40787

CVE-2024-40787 is a local, low-privilege impact issue in Apple platforms where an attacker could bypass internet permission prompts. The root cause involves the handling of user consent prompts, allowing a Shortcut to circumvent Internet permission requirements. Affected products/versions include...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References20Affected Software4
OSV
OSV
added 2024/07/26 10:3 a.m.15 views

OPENSUSE-SU-2024:0220-1 Security update for caddy

This update for caddy fixes the following issues: - Update to version 2.8.4: cmd: fix regression in auto-detect of Caddyfile 6362 Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped - Update to version 2.8.2: cmd: fix auto-detetction of .caddyfile extension 6356 caddyhttp: properly...

7.5CVSS8.2AI score0.01364EPSS
Exploits0References4
Drupal
Drupal
added 2023/08/23 12:0 a.m.4 views

Flexi Access - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-036

The Flexi Access module will provide a simple and flexible interface to the ACL Access Control List module. It will let you set up and mange ACLs naming individual users that are allowed access to a particular node. The module processes user input in a way that could be unsafe. This can lead to...

5.9AI score
Exploits0References7
Prion
Prion
added 2022/07/26 11:15 p.m.15 views

Design/Logic Flaw

The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements e.g., android.permission.ACCESSFINELOCATION for determining the device's physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the...

5CVSS7AI score0.01032EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/07/26 10:36 p.m.63 views

CVE-2021-33057

The CVE-2021-33057 entry concerns Tencent QQ version 8.7.1 on Android and iOS. The issue is that QQ does not enforce location permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) when determining the device’s physical location. An attacker can use qq.createMapContext to instant...

7.5CVSS7AI score0.01032EPSS
Exploits1References3Affected Software1
Kitploit
Kitploit
added 2021/08/01 12:30 p.m.82 views

CSIRT-Collect - PowerShell Script To Collect Memory And (Triage) Disk Forensics

A PowerShell script to collect memory and triage disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission...

7.5AI score
Exploits0References1
Citrix
Citrix
added 2018/08/20 12:0 a.m.11 views

Permissions required for FAS Certificate Templates

Domain computers generating many requests on Certificate Authority CA...

7.2AI score
Exploits0
Drupal
Drupal
added 2010/10/06 12:0 a.m.20 views

SA-CONTRIB-2010-099 - Views Bulk Operations - Access Bypass

Views Bulk Operations augments Views by allowing bulk operations to be executed on the nodes and users displayed by a view. It does so by showing a checkbox in front of each item, and adding a select box containing operations that can be applied on the selected items. In some circumstances, a...

4.9CVSS6.3AI score0.01064EPSS
Exploits0References6
Rows per page
Query Builder