
9 matches found

RedhatCVE
added 2026/06/05 7:49 p.m. | 8 views

CVE-2026-5171

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects: Devolutions Server 2026.1.6.0 through...

CVSS 4.3 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 1
Github Security Blog
added 2026/03/26 9:31 p.m. | 10 views

Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. A patched version is available at...

CVSS 5.4 | AI score 5.7 | EPSS 0.00238
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2025/09/14 1:15 p.m. | 4 views

CVE-2025-10204

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to chang...

CVSS 7.1 | EPSS 0.00451
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/09 12:0 a.m. | 5 views

PT-2025-36941

Name of the Vulnerable Software and Affected Versions: pfSense CE (affected versions not specified). Description: The start-day parameter in /usr/local/www/status traffic totals.php does not undergo proper validation to ensure it is a numeric value or sanitized of HTML-related characters before bein...

CVSS 5.1 | AI score 5.2 | EPSS 0.09815
Exploits: 0 | References: 4
Snyk
added 2025/07/09 6:30 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Applitools URL field on the build page. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious input into this field. This is only exploitable if the...

CVSS 5.4 | AI score 5.4 | EPSS 0.00243
Exploits: 0 | References: 2
RedhatCVE
added 2025/02/14 12:35 p.m. | 12 views

CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 8.8 | AI score 7.1 | EPSS 0.0163
Exploits: 0 | References: 6
VulnCheck KEV
added 2024/09/18 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2023-36542

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission...

CVSS 8.8 | AI score 5.9 | EPSS 0.0163
Exploits: 0 | References: 1
Github Security Blog
added 2023/07/29 9:30 a.m. | 24 views

Apache NiFi Code Injection vulnerability

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 8.8 | AI score 8.7 | EPSS 0.0163
Exploits: 0 | References: 8 | Affected Software: 8
Prion
added 2023/07/29 8:15 a.m. | 20 views

Design/Logic Flaw

Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission fo...

CVSS 6.5 | AI score 8.8 | EPSS 0.0163
Exploits: 0 | References: 4 | Affected Software: 1