Lucene search

8 matches found

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-39386

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 4.9 | EPSS 0.00279
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/05 12:4 p.m. | 9 views

CVE-2025-27454

The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request...

CVSS 4.3 | AI score 6.5 | EPSS 0.00179
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 6:25 a.m. | 9 views

CVE-2024-42000

Mattermost versions 9.10.x = 9.10.2, 9.11.x = 9.11.1, 9.5.x = 9.5.9 and 10.0.x = 10.0.0 fail to properly authorize the requests to /api/v4/channels which allows a User or System Manager, with "Read Groups" permission but with no access for channels to retrieve details about private channels that...

CVSS 4.3 | AI score 4.6 | EPSS 0.00279
Exploits: 0

Vulnrichment
added 2022/08/03 3:21 p.m. | 4 views

CVE-2022-35865

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of...

CVSS 7.3 | AI score 7.6 | EPSS 0.01443
Exploits: 0 | References: 2

Pen Test Partners Blog
added 2020/08/26 6:46 a.m. | 32 views

A Vulnerability Disclosure Program is not just a page on a web site

It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...

AI score 6.5
Exploits: 0

OSV
added 2019/03/15 5:29 p.m. | 4 views

CVE-2019-9831

The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service system hang via many simultaneous /?Key=PhoneRequestAuthorization requests...

CVSS 7.5 | AI score 7.2 | EPSS 0.0901
Exploits: 1 | References: 2

OSV
added 2019/03/06 6:29 p.m. | 3 views

CVE-2019-9601

The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 2

CNVD
added 2018/05/10 12:0 a.m. | 4 views

Multiple Schneider Electric Products CGI Request Authorization Bypass Vulnerability

Schneider Electric Modicon M340, etc. are programmable logic controller products of Schneider Electric France. A security vulnerability exists in several Schneider Electric products. A remote attacker could exploit the vulnerability by sending a specially crafted request to execute arbitrary code...

CVSS 9.8 | AI score 7.5 | EPSS 0.01497
Exploits: 0 | References: 1