21 matches found
EUVD-2025-11859
Malicious code in bioql PyPI...
EUVD-2025-11860
Malicious code in bioql PyPI...
CVE-2025-32796
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
CVE-2025-32795
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...
CVE-2025-32796 Dify Allows Unauthorized APP Enable/Disable via API
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...
6 Mistakes Organizations Make When Deploying Advanced Authentication
Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of...
Access Control Bypass
sulu/sulu is vulnerable to Access Control Bypass. The vulnerability is due to a misconfiguration or flaw in the implementation of role-based access controls, permission checks or security settings, enabling users to bypass intended restrictions, which can leads to a significant security risk...
CVE-2023-29927
Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connectio...
CVE-2023-29927
CVE-2023-29927 affects Sage 300 up to 2022. The issue is that role-based access controls are enforced only on the client side, enabling low-privilege users—especially on workstations in Windows Peer-to-Peer or Client-Server Sage 300 configurations—to recover SQL connection strings and directly in...
PT-2022-20466 · Bleve +1 · Bleve +1
Name of the Vulnerable Software and Affected Versions: Bleve affected versions not specified Description: The issue concerns the bleve/http package, which is used for demonstration purposes and lacks authentication, authorization, and validation of user inputs. This allows attackers to exploit a...
Simplifying the complex: Introducing Privacy Management for Microsoft 365
The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...
Simplifying the complex: Introducing Privacy Management for Microsoft 365
The data privacy regulation landscape is more complex than ever. With new laws emerging in countries like China and India, shifts in Europe and the United Kingdom, and currently 26 different laws across the United States, staying ahead of regulations can feel impossible. But this work is...
Directory traversal
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...
CVE-2017-12285
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected software does not perform proper input validatio...
Cisco Network Analysis Module Parameter Directory Traversal Arbitrary File Deletion Vulnerability
A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system. The vulnerability exists because the affected software does not perform proper input validation of HTTP requests that i...
Cisco Prime Collaboration Provisioning Multiple Directory Traversal Vulnerabilities (May 2017)
cisco prime collaboration provisioning is prone to multiple directory traversal vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...
Directory traversal
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
CVE-2017-6636
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to view any file on an affected system. The vulnerability exists because the affected software does not perform proper input validation of HT...
CVE-2017-6637
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...
CVE-2017-6637
A vulnerability in the web interface of Cisco Prime Collaboration Provisioning Software prior to Release 11.1 could allow an authenticated, remote attacker to delete any file from an affected system. The vulnerability exists because the affected software does not perform proper input validation o...