
22 matches found

OSV
added 2026/05/29 10:06 p.m., 7 views

GHSA-X628-457G-2PW9 Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders

Summary: modules/documents-files.php gates state-changing modes by checking that the actor has hasUploadRight on the URL parameter folder_uuid. The move_save handler then operates on a separate URL parameter, file_uuid, and calls File::moveToFolder($destFolderUUID). File::moveToFolder checks the upload...

CVSS 8.1 · AI score 5.7 · EPSS 0.00032
Exploits 0 · References 2
Positive Technologies
added 2026/05/29 12:00 a.m., 10 views

PT-2026-45040

Summary: modules/documents-files.php mode file_rename_save shares the same root-cause shape as the cross-folder move bug (05-documents-cross-folder-move-idor.md): the top-level rights check at lines 79-89 validates hasUploadRight on the URL parameter folder_uuid, but the rename operation acts on fil...

CVSS 6.5 · AI score 5.8 · EPSS 0.00029
Exploits 0 · References 3
OSV
added 2025/10/24 10:10 a.m., 3 views

SUSE-SU-2025:20919-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_11

This update for kernel-livepatch-MICRO-6-0-RT_Update_11 fixes the following issues: - CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376) - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673) - CVE-2025-38678: netfilter:...

CVSS 7.5 · AI score 5.8 · EPSS 0.00528
Exploits 1 · References 8
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-17689

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.01407
Exploits 1 · References 4
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2023-39923

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 7.9 · EPSS 0.00477
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-38209

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.00472
Exploits 0 · References 2
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2023-38210

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.4 · EPSS 0.00472
Exploits 0 · References 2
NVD
added 2025/04/30 3:16 p.m., 19 views

CVE-2025-32971

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

CVSS 3.8 · EPSS 0.00334
Exploits 1 · References 3
RedhatCVE
added 2025/02/05 11:06 a.m., 11 views

CVE-2024-21648

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a rights check: a user can roll back to a previous version of a page to regain rights they no longer have. The problem has been patched in XWiki 14.10.17,...

CVSS 8.8 · AI score 6.8 · EPSS 0.00512
Exploits 0 · References 1
Positive Technologies
added 2024/12/30 12:00 a.m., 8 views

PT-2024-34392 · Teampass · Teampass

Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.1.3.1. Description: The issue arises when retrieving information about access rights for a folder. TeamPass does not properly check whether a folder is in a user's allowed-folders list, which has been defined by an...

CVSS 4.3 · AI score 6.8 · EPSS 0.00322
Exploits 0 · References 11
CVE
added 2024/12/30 12:00 a.m., 77 views

CVE-2024-50701

Summary: CVE-2024-50701 affects TeamPass prior to 3.1.3.1. The vulnerability arises when retrieving folder access rights, where the system does not properly verify whether a folder belongs to the user's admin-defined allowed-folders list. Affected software: nilsteampassnet/teampass (TeamPass) p...

CVSS 4.3 · AI score 6.7 · EPSS 0.00322
Exploits 0 · References 3 · Affected software 1
OSV
added 2023/07/05 9:15 p.m., 1 view

UBUNTU-CVE-2023-35940

GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to access dashboard data. Version 10.0.8 contains a patch for this issue...

CVSS 7.5 · AI score 5.8 · EPSS 0.00551
Exploits 0 · References 3
Prion
added 2023/07/05 8:15 p.m., 25 views

Design/Logic Flaw

GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue...

CVSS 4 · AI score 6.4 · EPSS 0.00472
Exploits 0 · References 2 · Affected software 1
OSV
added 2023/07/05 8:15 p.m., 2 views

UBUNTU-CVE-2023-34107

GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue...

CVSS 6.5 · AI score 6.6 · EPSS 0.00472
Exploits 0 · References 3
OSV
added 2023/07/05 7:15 p.m., 17 views

CVE-2023-34107 GLPI vulnerable to unauthorized access to KnowbaseItem data

GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, which allows access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue...

CVSS 6.5 · AI score 6.3 · EPSS 0.00472
Exploits 0 · References 4
Prion
added 2023/07/05 6:15 p.m., 19 views

Design/Logic Flaw

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...

CVSS 4 · AI score 6.5 · EPSS 0.00472
Exploits 0 · References 2 · Affected software 1
OSV
added 2023/07/05 6:15 p.m., 2 views

UBUNTU-CVE-2023-34106

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...

CVSS 6.5 · AI score 6.6 · EPSS 0.00472
Exploits 0 · References 3
OSV
added 2023/07/05 5:48 p.m., 23 views

CVE-2023-34106 GLPI vulnerable to unauthorized access to User data

GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...

CVSS 6.5 · AI score 6.3 · EPSS 0.00472
Exploits 0 · References 4
Positive Technologies
added 2023/07/05 12:00 a.m., 5 views

PT-2023-24678 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.2.0 through 10.0.7. Description: The issue is related to an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems. Recommendations: For versions 9.2.0 through 10.0.7,...

CVSS 10 · AI score 6.8 · EPSS 0.99628
Exploits 27 · References 157
Positive Technologies
added 2023/05/07 12:00 a.m., 3 views

PT-2023-3797 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.7. Description: The issue is related to an incorrect rights check on a file in GLPI, a free asset and IT management software package. This allows an unauthenticated user to access dashboard data. The problem i...

CVSS 10 · AI score 7.1 · EPSS 0.99628
Exploits 27 · References 157