Lucene search
+L

69 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.12 views

EUVD-2017-11793

Malware in sbrugna...

4.9CVSS5AI score0.01472EPSS
Exploits0References5
OSV
OSV
added 2025/09/02 8:15 p.m.5 views

CVE-2025-6685

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

8.8CVSS5.9AI score0.00654EPSS
Exploits0References2
CVE
CVE
added 2025/09/02 7:48 p.m.17 views

CVE-2025-6685

ATEN eco DC contains a missing authorization flaw in its web-based interface that can enable privilege escalation. The issue arises from not validating the assigned user role when handling requests, allowing an attacker with network access to escalate privileges to restricted resources; authentic...

8.8CVSS6.6AI score0.00654EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/09/02 7:48 p.m.10 views

CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

8.8CVSS0.00654EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2025/07/24 12:0 a.m.4 views

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when...

8.8CVSS7.2AI score0.00654EPSS
Exploits0References1
OSV
OSV
added 2025/04/24 12:15 a.m.13 views

CVE-2025-27581

NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...

4.3CVSS5.8AI score0.00332EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.5 views

PT-2024-7464 · Cisco · Cisco Secure Firewall Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remo...

6.8CVSS6.9AI score0.00479EPSS
Exploits0References6
CNVD
CNVD
added 2024/06/13 12:0 a.m.2 views

Lunary Access Control Error Vulnerability

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...

5.4CVSS5.1AI score0.00298EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/06 12:0 a.m.6 views

Lunary 访问控制错误漏洞

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...

5.4CVSS6.5AI score0.00298EPSS
Exploits1References3
OSV
OSV
added 2024/06/05 3:10 p.m.29 views

GO-2024-2794 Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server

Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server...

2.7CVSS3.4AI score0.00502EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/04/26 12:11 p.m.23 views

CVE-2024-4195

A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS6.8AI score0.00502EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/04/26 11:47 a.m.37 views

CVE-2024-4198

A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as team admin to demote users to guests via crafted HTTP requests...

2.7CVSS3.7AI score0.00502EPSS
Exploits0References4
OSV
OSV
added 2024/04/26 9:30 a.m.45 views

GHSA-5FH7-7MW7-MMX5 Mattermost allows team admins to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS3.3AI score0.00502EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/04/26 9:30 a.m.23 views

Mattermost allows team admins to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS6.6AI score0.00502EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2024/04/26 9:15 a.m.24 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS3.5AI score0.00502EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/04/26 8:26 a.m.33 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS3.9AI score0.00502EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/04/26 8:26 a.m.11 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS6.6AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2024/04/26 8:26 a.m.7 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS6.5AI score0.00502EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/26 8:26 a.m.27 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS3.9AI score0.00502EPSS
Exploits0References1
OSV
OSV
added 2024/04/26 8:26 a.m.6 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS6.5AI score0.00502EPSS
Exploits0References3
Rows per page
Query Builder