Lucene search
K

39 matches found

Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49885

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Acces...

7.3CVSS5.1AI score0.00307EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/05 4:28 p.m.15 views

praisonai-platform: Agent endpoints accept any agent_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The agent CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/agents/agentid gate access on requireworkspacememberworkspaceid only, then resolve agentid through AgentService.getagentid which is a primary-key lookup with no workspace...

5.5AI score0.00043EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.11 views

PT-2026-45487

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspace id/issues/issue id gate access on require workspace memberworkspace id only, then resolve issue id through IssueService.getissue id which is a primary-key lookup with no workspace...

8.3CVSS5.8AI score0.00043EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 12:30 p.m.8 views

EUVD-2026-27639

In the Linux kernel, the following vulnerability has been resolved: srcu: Use irqwork to start GP in tiny SRCU Tiny SRCU's srcugpstartifneeded directly calls schedulework, which acquires the workqueue pool-lock. This causes a lockdep splat when callsrcu is called with a scheduler lock held, due t...

5.8AI score0.001EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/08 6:32 p.m.5 views

EUVD-2026-5776

A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely...

9.8CVSS5.1AI score0.00563EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/08 12:0 a.m.10 views

PT-2026-7006

Name of the Vulnerable Software and Affected Versions code-projects Contact Management System version 1.0 Description A security flaw exists in the Contact Management System. The issue involves improper authentication due to manipulation of the ID argument within the CRUD Endpoint component. This...

7.5CVSS5.5AI score0.00563EPSS
Exploits0References6
CNVD
CNVD
added 2025/11/14 12:0 a.m.3 views

Unspecified Vulnerability in Rockwell Automation Verve Asset Manager

Rockwell Automation Verve Asset Manager is a vendor-neutral OT endpoint management platform from Rockwell Automation USA. A security vulnerability exists in Rockwell Automation Verve Asset Manager that can be exploited by an attacker to read, update, and delete users via the API...

8.4CVSS5.9AI score0.00311EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 3:31 p.m.5 views

EUVD-2025-84345

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

8.4CVSS6.2AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 2025/11/11 1:43 p.m.11 views

CVE-2025-11862

CVE-2025-11862 : Verve Asset Manager has an access-control vulnerability enabling unauthorized read-only users to read, update, and delete users via the API. Affects the Verve Asset Manager API endpoints (and is described as a user data manipulation issue with API exposure). The CVSS 4.0 base sco...

8.4CVSS6.3AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.7 views

PT-2025-46340

Name of the Vulnerable Software and Affected Versions Verve Asset Manager affected versions not specified Description A security issue exists in Verve Asset Manager that allows unauthorized read-only users to perform actions beyond their intended permissions. Specifically, these users can read,...

8.4CVSS6AI score0.00311EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.6 views

WordPress plugin Document Embedder – Embed PDFs Word Excel and Other Files 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Document Embedder -...

8.6CVSS6.9AI score0.00299EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.8 views

PT-2025-43938

Name of the Vulnerable Software and Affected Versions DRED virtual campus platform affected versions not specified Description A SQL injection issue exists in the DRED virtual campus platform. An attacker can retrieve, create, update, and delete data from the database. This is achieved by sending...

9.3CVSS7.3AI score0.00276EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/22 8:18 p.m.3 views

CVE-2025-53041

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

6.1CVSS5.5AI score0.00213EPSS
Exploits0References1
OSV
OSV
added 2025/10/21 8:20 p.m.6 views

CVE-2025-53041

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks...

6.1CVSS5.8AI score
Exploits0References1
Amazon
Amazon
added 2025/05/29 12:0 a.m.12 views

Medium: libxml2

Issue Overview: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API Python bindings because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters...

7.5CVSS6.9AI score0.00559EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 6:6 a.m.6 views

CVE-2023-21924

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications component: Core. Supported versions that are affected are Prior to 6.3.1.3 and Prior to 7.0.0.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

5.9CVSS5.4AI score0.00387EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.11 views

PT-2025-15132 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service DOS through an out-of-bounds read. Recommendations: For versions prior to 5.0.2, update to a version that contains a fix for this...

3.3CVSS6.1AI score0.00137EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/27 12:0 a.m.2 views

PT-2024-34358

Name of the Vulnerable Software and Affected Versions: libsndfile versions prior to 1.2.3 Description: The issue is related to an out-of-bounds read in the ogg vorbis.c component of the libsndfile library, specifically in the vorbis analysis wrote function. This could potentially allow an attacke...

7.1CVSS7.7AI score0.01754EPSS
Exploits2References58
OSV
OSV
added 2024/05/01 6:15 a.m.1 views

DEBIAN-CVE-2024-27017

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure ...

5.5CVSS5.7AI score0.00277EPSS
Exploits0References1
OSV
OSV
added 2024/05/01 6:15 a.m.7 views

UBUNTU-CVE-2024-27017

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure ...

5.5CVSS6.2AI score0.00277EPSS
Exploits0References15
Rows per page
Query Builder