Lucene search
K

12 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 12:0 a.m.9 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

5.8AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/26 12:0 a.m.12 views

CVE-2026-38587

An Insecure Direct Object Reference IDOR vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions User or Guest to retrieve sensitive information, such as the Owner's unique...

5.8AI score0.00221EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.7 views

Discourse security vulnerabilities

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Vulnerabilities exist in versions of Discourse prior to 3.5.4, as well as versions prior to 2025.11.2, 2025.12.1, and 2026.1....

6.5CVSS5.8AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.8 views

CVE-2023-25195

Server-Side Request Forgery SSRF vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...

8.1CVSS7AI score0.00982EPSS
Exploits0References1
NVD
NVD
added 2025/12/04 9:16 p.m.6 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3CVSS0.00249EPSS
Exploits1References2
OSV
OSV
added 2025/10/23 3:15 p.m.6 views

CVE-2025-56008

Cross site scripting XSS vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users with full permissions...

6.1CVSS5.7AI score0.00223EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2316

Malicious code in bioql PyPI...

9.9CVSS6.3AI score0.0121EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.8 views

PT-2025-43522

Name of the Vulnerable Software and Affected Versions KeeneticOS versions prior to 4.3 Description A cross site request forgery CSRF issue exists in KeeneticOS. The issue is present in the ''/rci'' API endpoint and allows attackers to gain control of the device by adding users with full...

5.3CVSS5.3AI score0.00169EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.9 views

PT-2025-43520

Name of the Vulnerable Software and Affected Versions KeeneticOS versions prior to 4.3 Description A CRLF-injection flaw exists in KeeneticOS prior to version 4.3. This issue is present at the /auth API endpoint and could allow attackers to gain control of the device. Exploitation involves adding...

7.8CVSS5.8AI score0.0031EPSS
Exploits1References10
OSV
OSV
added 2025/01/22 2:15 a.m.3 views

UBUNTU-CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS7AI score0.00413EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.5 views

PT-2024-10843 · WordPress · Indeed Membership Pro

Name of the Vulnerable Software and Affected Versions: Indeed Membership Pro plugin for WordPress versions 7.3 through 8.6 Description: The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions. This makes it...

6.3CVSS7AI score0.00339EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2022/10/28 4:57 p.m.11 views

CVE-2022-3400

The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the brickssavepost AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template...

6.5CVSS7.2AI score0.00618EPSS
Exploits1References2
Rows per page
Query Builder