
128 matches found

Nuclei
added 8 hours ago, 37 views

Dolibarr Unauthenticated Contacts Database Theft

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists. id: CVE-2023-33568 info: name: Dolibarr Unauthenticated Contacts Database Theft...

CVSS 7.5, AI score 7.1, EPSS 0.1494
Exploits 2, References 5
EUVD
added 2026/06/24 11:53 a.m., 11 views

EUVD-2026-38751

Capgo before 12.128.2 contains an information disclosure vulnerability in the public.existappv2 RPC function that allows unauthenticated attackers to enumerate appids by calling POST /rest/v1/rpc/existappv2 with arbitrary appid parameters. Remote attackers can exploit this SECURITY DEFINER functi...

CVSS 6.9, AI score 6, EPSS 0.00261
Exploits 0, References 2
Positive Technologies
added 2026/06/17 12:00 a.m., 17 views

PT-2026-50484

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.6. Description: Open WebUI allows users with permissions to create, update, or import workspace models to store arbitrary meta.knowledge entries without verifying ownership or read access to the referenced files...

CVSS 7.1, AI score 6, EPSS 0.00198
Exploits 1, References 8
OSV
added 2026/03/07 2:25 a.m., 4 views

GHSA-6W2R-CFPC-23R5 AVideo has Unauthenticated IDOR - Playlist Information Disclosure

Product: AVideo (https://github.com/WWBN/AVideo). Version: Latest tested March 2026. Type: Insecure Direct Object Reference (IDOR). Auth Required: No. User Interaction: None. Summary: The /objects/playlistsFromUser.json.php endpoint returns all playlists for any user without requiring authentication or...

CVSS 6.9, AI score 5.8, EPSS 0.00365
Exploits 1, References 4
Positive Technologies
added 2026/03/07 12:00 a.m., 5 views

PT-2026-24090

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 25.0. Description: The /objects/playlistsFromUser.json.php endpoint does not require authentication or authorization, allowing an unauthenticated attacker to enumerate user IDs and retrieve playlist information, includin...

CVSS 6.9, AI score 5.8, EPSS 0.00365
Exploits 1, References 10
OSV
added 2026/03/03 10:10 p.m., 5 views

CVE-2026-24898 OpenEMR has an Unauthenticated MedEx Token Disclosure

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoint allows any unauthenticated visitor to obtain the practice's MedEx API tokens, leading to comple...

CVSS 10, AI score 5.9, EPSS 0.00555
Exploits 1, References 4
Packet Storm News
added 2026/02/09 12:00 a.m., 17 views

MUZZLE: Adaptive Agentic Red-Teaming of Web Agents against Indirect Prompt Injection Attacks

Large language model (LLM) based web agents are increasingly deployed to automate complex online tasks by directly interacting with web sites and performing actions on users' behalf. While these agents offer powerful capabilities, their design exposes them to indirect prompt injection attacks...

AI score 5.8
Exploits 0
RedhatCVE
added 2026/01/09 9:09 a.m., 7 views

CVE-2019-11784

Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...

CVSS 6.5, AI score 6.6, EPSS 0.00976
Exploits 0, References 1
RedhatCVE
added 2025/12/18 8:37 p.m., 6 views

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 7.5, AI score 6.6, EPSS 0.00731
Exploits 2, References 1
EUVD
added 2025/12/17 7:48 p.m., 4 views

EUVD-2025-203938

AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 6.9, AI score 6.2, EPSS 0.00731
Exploits 2, References 4
RedhatCVE
added 2025/10/17 2:52 p.m., 4 views

CVE-2025-53950

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...

CVSS 6, AI score 6.7, EPSS 0.00165
Exploits 0, References 1
EUVD
added 2025/10/16 3:30 p.m., 4 views

EUVD-2025-34762

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...

CVSS 6, AI score 6.2, EPSS 0.00165
Exploits 0, References 2
NVD
added 2025/10/16 2:15 p.m., 7 views

CVE-2025-53950

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...

CVSS 6, EPSS 0.00165
Exploits 0, References 1
OSV
added 2025/10/16 2:15 p.m., 3 views

CVE-2025-53950

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...

CVSS 6, AI score 5.8, EPSS 0.00165
Exploits 0, References 1
CVE
added 2025/10/16 2:00 p.m., 12 views

CVE-2025-53950

Fortinet FortiDLP Agent’s Outlookproxy plugin for macOS and Windows is affected by CVE-2025-53950. The vulnerability allows an authenticated administrator to collect the current user’s email information across listed FortiDLP Agent versions (MacOS and Windows builds including 11.5.1, 11.4.2–11.4....

CVSS 6, AI score 6.3, EPSS 0.00165
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/10/16 2:00 p.m., 3 views

CVE-2025-53950

An Exposure of Private Personal Information 'Privacy Violation' vulnerability CWE-359 in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and...

CVSS 5.5, AI score 6.3, EPSS 0.00165
Exploits 0, References 1
OSV
added 2025/10/13 9:33 p.m., 5 views

CVE-2025-62362 Name and e-mail of employee that has done a publication is discoverable in gpp-burgerportaal

gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in network responses and can be discovered by viewing the browser's developer tools network tab. This information...

CVSS 6.9, AI score 6.3, EPSS 0.00293
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2018-16894

Malware in sbrugna...

CVSS 4.3, AI score 7, EPSS 0.01167
Exploits 0, References 8
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2018-5334

Malware in sbrugna...

CVSS 5.3, AI score 5.7, EPSS 0.01796
Exploits 0, References 3
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2024-22147

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.5, EPSS 0.00384
Exploits 0, References 2