23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-11860

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.0035
Exploits: 1 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-11859

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.5 · EPSS 0.00249
Exploits: 1 · References: 2

RedhatCVE
added 2025/04/27 4:9 p.m. · 19 views

CVE-2025-43862

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...

CVSS 7.6 · AI score 7 · EPSS 0.00284
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/26 12:2 a.m. · 8 views

CVE-2025-32796

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVSS 6.5 · AI score 6.7 · EPSS 0.0035
Exploits: 1 · References: 1

NVD
added 2025/04/18 4:15 p.m. · 14 views

CVE-2025-32795

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVSS 6.5 · EPSS 0.00249
Exploits: 1 · References: 2

Vulnrichment
added 2025/04/18 4:6 p.m. · 16 views

CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVSS 6.5 · AI score 6.4 · EPSS 0.0035
Exploits: 1 · References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-31022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Bleve is a text indexing library for Go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pav...

CVSS 6.2 · AI score 5.7 · EPSS 0.00332
Exploits: 0 · References: 3

The Hacker News
added 2024/05/14 10:51 a.m. · 11 views

6 Mistakes Organizations Make When Deploying Advanced Authentication

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of...

AI score 7.1
Exploits: 0

Veracode
added 2024/03/05 5:17 a.m. · 15 views

Access Control Bypass

sulu/sulu is vulnerable to Access Control Bypass. The vulnerability is due to a misconfiguration or flaw in the implementation of role-based access controls, permission checks or security settings, enabling users to bypass intended restrictions, which can lead to a significant security risk...

CVSS 8.1 · AI score 6.8 · EPSS 0.0045
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2023/05/16 8:15 p.m. · 16 views

CVE-2023-29927

Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...

CVSS 4.3 · AI score 5 · EPSS 0.00402
Exploits: 0 · References: 1

CVE
added 2023/05/16 12:0 a.m. · 45 views

CVE-2023-29927

CVE-2023-29927 affects Sage 300 up to 2022. The issue is that role-based access controls are enforced only on the client side, enabling low-privilege users—especially on workstations in Windows Peer-to-Peer or Client-Server Sage 300 configurations—to recover SQL connection strings and directly in...

CVSS 4.3 · AI score 5 · EPSS 0.00402
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/06/01 12:0 a.m. · 4 views

PT-2022-20466 · Bleve +1

Name of the Vulnerable Software and Affected Versions: Bleve (affected versions not specified)

Description: The issue concerns the bleve/http package, which is used for demonstration purposes and lacks authentication, authorization, and validation of user inputs. This allows attackers to exploit a...

CVSS 6.2 · AI score 5.7 · EPSS 0.00332
Exploits: 0 · References: 19

Microsoft Malware Protection
added 2021/10/19 1:0 p.m. · 28 views

Simplifying the complex: Introducing Privacy Management for Microsoft 365

The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...

AI score 0.7
Exploits: 0

Microsoft Secure
added 2021/10/19 1:0 p.m. · 22 views

Simplifying the complex: Introducing Privacy Management for Microsoft 365

The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...

AI score 0.7
Exploits: 0

NVD
added 2017/10/19 8:29 a.m. · 17 views

CVE-2017-12285

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...

CVSS 6.4 · AI score 5.4 · EPSS 0.37192
Exploits: 0 · References: 3

Prion
added 2017/10/19 8:29 a.m. · 13 views

Directory traversal

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...

CVSS 6.4 · AI score 5.4 · EPSS 0.37192
Exploits: 0 · References: 3 · Affected Software: 1

Cisco
added 2017/10/18 4:0 p.m. · 35 views

Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability

A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that i...

CVSS 6.5 · AI score 5.3 · EPSS 0.37192
Exploits: 0 · References: 1

OpenVAS
added 2017/05/29 12:0 a.m. · 20 views

Cisco Prime Collaboration Provisioning Multiple Directory Traversal Vulnerabilities (May 2017)

Cisco Prime Collaboration Provisioning is prone to multiple directory traversal vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

CVSS 6.5 · AI score 6.6 · EPSS 0.07844
Exploits: 0 · References: 6

NVD
added 2017/05/22 1:29 a.m. · 19 views

CVE-2017-6637

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...

CVSS 6.5 · AI score 6.4 · EPSS 0.07844
Exploits: 0 · References: 3

Prion
added 2017/05/22 1:29 a.m. · 15 views

Directory traversal

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...

CVSS 4 · AI score 6.4 · EPSS 0.07844
Exploits: 0 · References: 3 · Affected Software: 1