Lucene search
K

545 matches found

Snyk
Snyk
added 2026/05/04 9:30 p.m.11 views

Access Control Bypass

Overview rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Access Control Bypass via the API authentication process. An attacker can gain unauthorized access to other users' data and perform actions on their behalf by using any valid ...

8.6CVSS5.8AI score0.00245EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 8:16 p.m.30 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

8.1CVSS0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 12:0 a.m.45 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

0.00245EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 12:0 a.m.2 views

CVE-2025-67796

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

8.1CVSS5.9AI score0.00245EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/04 12:0 a.m.11 views

EUVD-2025-209635

IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authenticated subject and the targeted user/tenant, so crafted requests can read or modify other users...

5.8AI score0.00245EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

Rdiffweb 访问控制错误漏洞

Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...

8.1CVSS5.8AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 12:0 a.m.30 views

CVE-2025-67796

IKUS Rdiffweb is affected by an improper authorization vulnerability (CVE-2025-67796) in versions prior to 2.10.6. The API fails to bind the authenticated subject to the targeted user/tenant, allowing a valid or stolen token to read or modify other users’ data and potentially perform privileged a...

8.1CVSS5.8AI score0.00245EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-2739

Malware in sbrugna...

5CVSS6.4AI score0.03514EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0248

Malicious code in bioql PyPI...

8.2CVSS7.9AI score0.00997EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0250

Malicious code in bioql PyPI...

9.8CVSS4.1AI score0.0075EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0263

Malicious code in bioql PyPI...

5.3CVSS4.6AI score0.00672EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0257

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00481EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0242

Malicious code in bioql PyPI...

7.5CVSS5.6AI score0.00951EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0266

Malicious code in bioql PyPI...

9.8CVSS6AI score0.00345EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-0228

Malicious code in bioql PyPI...

10CVSS9AI score0.00968EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-0251

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00876EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0267

Malicious code in bioql PyPI...

9.8CVSS4.8AI score0.00317EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2022-0231

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00684EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0264

Malicious code in bioql PyPI...

6.1CVSS5.7AI score0.00492EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0259

Malicious code in bioql PyPI...

7.2CVSS6.9AI score0.0113EPSS
Exploits1References6
Rows per page
Query Builder