Lucene search
K

145 matches found

Fedora
Fedora
added 2024/10/13 12:42 a.m.22 views

[SECURITY] Fedora 41 Update: podman-5.2.4-1.fc41

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

8.2CVSS7.2AI score0.00969EPSS
Exploits0
CVE
CVE
added 2024/10/01 2:36 p.m.58 views

CVE-2024-25632

CVE-2024-25632 affects eLabFTW. A regular user can become an administrator of a team where they are a member under a reasonable configuration, and in versions after v5.0.0 an initially unauthenticated user may gain administrative privileges over an arbitrary team. The vulnerability does not grant...

8.8CVSS8.7AI score0.00396EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/10/01 2:36 p.m.5 views

CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances

eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...

8.6CVSS6.8AI score0.00396EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.6 views

PT-2024-24540 · Hsc Cybersecurity · Hc Mailinspector

Name of the Vulnerable Software and Affected Versions: HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 Description: The issue allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. Recommendations:...

7.5CVSS7.7AI score0.00701EPSS
Exploits1References7
CNVD
CNVD
added 2024/04/11 12:0 a.m.18 views

Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be...

6.1CVSS6.1AI score0.0131EPSS
Exploits0References1
Fedora
Fedora
added 2024/04/03 1:16 a.m.39 views

[SECURITY] Fedora 39 Update: podman-4.9.4-1.fc39

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...

8.6CVSS9.1AI score0.0049EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/27 9:52 p.m.18 views

CVE-2024-0071 CVE

NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, a...

7.8CVSS7.2AI score0.00381EPSS
Exploits0References1
OSV
OSV
added 2024/02/15 3:15 a.m.2 views

CVE-2024-26262

EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even...

8.8CVSS5.9AI score0.00771EPSS
Exploits0References1
OSV
OSV
added 2024/01/03 2:15 a.m.3 views

CVE-2023-41776

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/01/03 12:0 a.m.3 views

PT-2024-40239 · Teleport · Teleport

Name of the Vulnerable Software and Affected Versions: Teleport versions prior to 12.4.31 Teleport versions prior to 13.4.13 Teleport versions prior to 14.2.4 Description: An attacker with access to nodes within the cluster may be able to SFTP to the Proxy Service. The user's permissions on the...

7AI score
Exploits0References5
OSV
OSV
added 2023/12/15 10:15 a.m.4 views

CVE-2023-48393

Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...

4.3CVSS5.8AI score0.0057EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.6 views

PT-2023-30815 · Kaifa Technology · Webitr

Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR affected versions not specified Description: The file uploading function in Kaifa Technology WebITR does not restrict the upload of files with dangerous types. A remote attacker with regular user privileges can exploit...

8.8CVSS8.9AI score0.00886EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/11/03 4:11 a.m.25 views

CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS Stored Cross-Site Scripting attack...

5.4CVSS5.5AI score0.00345EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/27 4:15 a.m.7 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8CVSS7.2AI score0.00553EPSS
Exploits0References2
NVD
NVD
added 2023/10/27 4:15 a.m.20 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8CVSS8.7AI score0.00553EPSS
Exploits0References1
OSV
OSV
added 2023/10/27 4:15 a.m.5 views

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

8.8CVSS5.7AI score0.00597EPSS
Exploits0References1
OSV
OSV
added 2023/10/27 4:15 a.m.5 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8CVSS5.7AI score0.00553EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/27 4:15 a.m.8 views

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

8.8CVSS7.2AI score0.00597EPSS
Exploits0References2
Prion
Prion
added 2023/10/27 4:15 a.m.23 views

Unrestricted file upload

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

6.5CVSS8.6AI score0.00553EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/27 12:0 a.m.37 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8AI score0.00553EPSS
Exploits0References1
Rows per page
Query Builder