Lucene search
K

145 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-29155

Malicious code in bioql PyPI...

5.7CVSS6.3AI score0.00135EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2025/10/03 11:28 a.m.4 views

CVE-2025-27236

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

6.5CVSS5.3AI score0.0035EPSS
Exploits0
NVD
NVD
added 2025/09/15 6:15 a.m.8 views

CVE-2025-59378

In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it even after the build has ended...

5.7CVSS0.00135EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2025/09/14 12:0 a.m.7 views

Realistic Environmental Injection Attacks on GUI Agents

GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks EIAs that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...

7.4AI score
Exploits0
Fedora
Fedora
added 2025/09/09 1:41 a.m.9 views

[SECURITY] Fedora 41 Update: podman-5.6.1-1.fc41

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

8.1CVSS6.9AI score0.01008EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.8 views

CVE-2019-17296

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user...

8.8CVSS8AI score0.01163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:34 a.m.9 views

CVE-2019-17294

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user...

8.8CVSS8AI score0.01163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.7 views

CVE-2019-17295

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user...

8.8CVSS8AI score0.01163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:35 a.m.7 views

CVE-2019-17316

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...

8.8CVSS7.3AI score0.01488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:5 a.m.5 views

CVE-2019-17293

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseProject module by a Regular user...

8.8CVSS8AI score0.01163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:9 a.m.7 views

CVE-2019-17312

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user...

8.8CVSS7AI score0.01981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:37 a.m.3 views

CVE-2019-17297

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...

8.8CVSS8AI score0.01163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:42 a.m.8 views

CVE-2019-17319

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user...

8.8CVSS8AI score0.01173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 a.m.10 views

CVE-2019-17311

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user...

8.8CVSS7AI score0.01981EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 a.m.11 views

CVE-2019-17305

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...

8.8CVSS7.5AI score0.01401EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.4 views

Ensure That Old Passwords Are Verified When Users Change Them

To prevent a third party from maliciously changing the password of another user, the old password must be verified when a user changes the password. According to the common practice in the industry, the old password does not need to be verified when the root user changes its own password. The roo...

7AI score
Exploits0References3
CVE
CVE
added 2025/03/27 12:30 p.m.81 views

CVE-2025-2242

CVE-2025-2242 describes an improper access-control vulnerability in GitLab CE/EE that lets a former instance admin, downgraded to a regular user, retain elevated privileges to groups and projects across GitLab versions 17.4 through 17.8.6, 17.9 through 17.9.3, and 17.10 through 17.10.1. The provi...

8.8CVSS7.3AI score0.00352EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.4 views

Peppermint 访问控制错误漏洞

Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint version 0.4.6 that stems from improper access control that allows a regular user to elevate privileges to administrator...

7.2CVSS6.7AI score0.00373EPSS
Exploits0References3
Fedora
Fedora
added 2025/01/25 2:17 a.m.22 views

[SECURITY] Fedora 41 Update: podman-5.3.2-1.fc41

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

8.6CVSS8.9AI score0.00358EPSS
Exploits0
Information Security Automation
Information Security Automation
added 2024/12/03 5:22 p.m.23 views

About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability

About Elevation of Privilege - needrestart CVE-2024-48990 vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 used in Ubuntu...

7.8CVSS7.5AI score0.19924EPSS
Exploits16
Rows per page
Query Builder