Lucene search
K

13 matches found

Vulnrichment
Vulnrichment
added 2025/07/17 1:50 p.m.3 views

CVE-2025-53927 MaxKB sandbox bypass

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...

4.6CVSS7.6AI score0.00226EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.16 views

CVE-2024-42411

Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2 fail to restrict the input in POST /api/v4/users which allows a user to manipulate the creation date in POST /api/v4/users tricking the admin into believing their account is much older...

5.3CVSS5.2AI score0.00291EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/02 5:4 p.m.18 views

CVE-2025-30369

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...

2.7CVSS7AI score0.00256EPSS
Exploits0References1
OSV
OSV
added 2024/09/26 2:57 p.m.4 views

CVE-2024-9155 Insufficient Authorization On Unlinked Channel Files

Mattermost versions 9.10.x = 9.10.1, 9.9.x = 9.9.2, 9.5.x = 9.5.8 fail to limit access to channels files that have not been linked to a post which allows an attacker to view them in channels that they are a member of...

4.3CVSS5.9AI score0.00259EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.10 views

PT-2024-29932 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.8.x through 9.8.2 Mattermost versions 9.9.x through 9.9.1 Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises from the failure to restrict input in the POST...

5.3CVSS6.8AI score0.00291EPSS
Exploits0References6
CNVD
CNVD
added 2020/06/30 12:0 a.m.11 views

Unspecified Vulnerability in ASRock RGB Driver

ASRock RGB Driver is a RGB three primary colors light mode light driver from ASRock Taiwan, China. A security vulnerability exists in the AsrDrv103.sys file in ASRock RGB Driver, which originates from the program's failure to properly restrict access from user space. No details of the vulnerabili...

5.5CVSS6.7AI score0.01349EPSS
Exploits1References1
OSV
OSV
added 2017/04/20 6:59 p.m.3 views

CVE-2016-1220

Cybozu Garoon before 4.2.2 does not properly restrict access...

4.3CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2017/04/14 6:0 p.m.22 views

CVE-2016-4889

ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions...

8.7AI score0.02683EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/11/11 5:50 a.m.6 views

CG-WLR300NX fails to restrict access permissions

Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8CVSS6.6AI score0.00889EPSS
Exploits0References5
OSV
OSV
added 2016/09/25 8:59 p.m.3 views

UBUNTU-CVE-2016-5173

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect...

7.1CVSS7.2AI score0.0102EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/03/25 12:0 a.m.59 views

ManageEngine Desktop Central Remote Security Bypass (Intrusive Check)

The version of ManageEngine Desktop Central running on the remote host is affected by a remote security bypass vulnerability, due to a failure to restrict access to 'DCPluginServelet'. This allows an unauthenticated, remote attacker to create an account with full administrative privileges within...

9.8CVSS8.6AI score0.81048EPSS
Exploits8References2
Debian CVE
Debian CVE
added 2004/11/19 5:0 a.m.42 views

CVE-2004-0749

The modauthzsvn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via 1 svn log -v, 2 svn propget, or 3 svn blame, and other commands that follow renames...

5CVSS5.4AI score0.01457EPSS
Exploits0
CVE
CVE
added 2001/10/12 4:0 a.m.52 views

CVE-2001-0535

The CVE-2001-0535 issue affects ColdFusion Server 4.x Exampleapps, where access checks do not correctly limit requests from outside the local host domain. This enables remote attackers to spoof the HTTP Host (CGI.Host) to the Web Publish and Email example scripts, allowing upload, read, or execut...

7.5CVSS6.7AI score0.01958EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder