Lucene search
K

289 matches found

RedhatCVE
RedhatCVE
added 2025/11/06 9:50 p.m.7 views

CVE-2024-12125

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information. Mitigation Red Hat has investigated whether a...

7.5CVSS6.4AI score0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/06 12:0 a.m.6 views

PT-2025-45387

Name of the Vulnerable Software and Affected Versions 3scale Developer Portal affected versions not specified Description A flaw exists in the 3scale developer portal that could allow account creation or updates through hidden or read-only fields. This allows an attacker to potentially access or...

7.5CVSS6.1AI score0.00243EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/22 6:30 p.m.6 views

EUVD-2025-35599

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to subscribe to an item/object without having the expected permission level...

5.3CVSS6.2AI score0.0016EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/16 5:11 p.m.10 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

7.1CVSS0.00365EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/16 6:33 a.m.35 views

CVE-2025-31702

A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...

6.8CVSS6.8AI score0.00275EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/15 5:53 a.m.10 views

CVE-2025-31702

A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may...

6.8CVSS6.5AI score0.00275EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27461

Malware in sbrugna...

6.5CVSS6.9AI score0.0102EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-1091

Malware in sbrugna...

5.3CVSS5.5AI score0.0136EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-0566

Malware in sbrugna...

7.5CVSS6.4AI score0.0303EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2020-27418

Malware in sbrugna...

8.1CVSS5.9AI score0.00675EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-41310

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.0127EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-41640

Malicious code in bioql PyPI...

7.1CVSS6.6AI score0.00397EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-34950

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00129EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2025-32066

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00237EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-28218

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-24092

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00391EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.5 views

JEPaaS 访问控制错误漏洞

JEPaaS is a low-code rapid development platform for building enterprise-class applications. A security vulnerability exists in JEPaaS 7.2.8, which stems from the doFilterInternal function of the Filter Handler component not properly enforcing access control. The vulnerability can be exploited by ...

6.5CVSS6.9AI score0.00305EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/22 5:29 a.m.15 views

CVE-2025-54551

Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of Web parameter. If exploited, a user of the product may escalate the privilege and access data that the user do not have permission to view by altering the parameters of the...

5.3CVSS7.7AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.10 views

PT-2025-34074 · Frappé Technologies · Frappe

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2 Frappe versions prior to 14.96.15 Description: Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to via SQL injection...

8.8CVSS6.9AI score0.00334EPSS
Exploits0References6
CNVD
CNVD
added 2025/08/20 12:0 a.m.6 views

D-Link DIR-818L Injection Vulnerability

The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...

8.8CVSS8.1AI score0.18145EPSS
Exploits1References1
Rows per page
Query Builder