Lucene search
K

3169 matches found

Vulnrichment
Vulnrichment
added 2024/06/03 1:59 p.m.11 views

CVE-2024-0336 Improper Access Control in EMTA Grups PDKS

Missing Authentication for Critical Function vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDKS: from V3.04 before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

9.4CVSS5.8AI score0.00382EPSS
Exploits0References2
NVD
NVD
added 2024/05/17 9:15 a.m.12 views

CVE-2024-31281

Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...

6.3CVSS6.3AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/17 8:54 a.m.31 views

CVE-2024-31281 WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...

6.3CVSS6.3AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 2024/05/17 8:54 a.m.58 views

CVE-2024-31281

CVE-2024-31281 is a Missing Authorization vulnerability in the WordPress plugin Church Admin (church-admin) affecting versions up to 4.1.6. Public records consistently describe it as a broken access control vulnerability that allows exploitation due to incorrectly configured access control securi...

6.3CVSS7.2AI score0.00342EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/17 7:15 a.m.1 views

CVE-2023-33321

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...

5.3CVSS7.3AI score
Exploits0References1
NVD
NVD
added 2024/05/17 7:15 a.m.24 views

CVE-2023-33321

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...

5.3CVSS5.3AI score0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/17 6:45 a.m.11 views

CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...

5.3CVSS6.9AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2024/05/17 6:45 a.m.54 views

CVE-2023-33321

CVE-2023-33321 is a confirmed vulnerability in the WordPress plugin EventPrime (Metagauss) affecting versions

5.3CVSS6.8AI score0.00515EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/05/17 6:45 a.m.28 views

CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...

5.3CVSS5.3AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2024/03/19 3:54 p.m.67 views

CVE-2023-32259

CVE-2023-32259 concerns insufficient granularity of access control in OpenText SMAX and AMX. Affected products/versions: SMAX 2020.05–2022.11 and AMX 2021.08–2022.11. Root cause per sources: incorrectly configured access control security levels leading to improper access checks. Potential impact ...

6.5CVSS6.5AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/19 3:54 p.m.34 views

CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...

6.5CVSS6.7AI score0.0034EPSS
Exploits0References1
Atlassian
Atlassian
added 2023/10/25 4:0 p.m.20 views

JIRA REST API /rest/api/2/user/viewissue/search doesn't respect Security Levels

h3. Issue Summary REST API - rest/api/2/user/viewissue/search Does not respect permissions, doing this REST API both on users who have browse permission and no permissions for a single ticket will result in both users still being able to view the issue. See this documentation for reference -...

7.2AI score
Exploits0
NVD
NVD
added 2023/06/02 1:15 p.m.22 views

CVE-2023-3033

Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22...

8.8CVSS7.3AI score0.00602EPSS
Exploits1References1
Prion
Prion
added 2023/06/02 1:15 p.m.15 views

Authorization

Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22...

6.5CVSS8.7AI score0.00602EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/06/02 12:28 p.m.46 views

CVE-2023-3033

Mobatime web application is affected by CVE-2023-3033 due to incorrect authorization and misconfigured access control, enabling privilege escalation through versions up to 06.7.22. The product/component is Mobatime web app; root cause is broken/incorrect access control. Impact is privilege escala...

8.8CVSS7.8AI score0.00602EPSS
Exploits1References1Affected Software1
ICS
ICS
added 2021/07/01 12:0 a.m.235 views

All Bachmann M1 System Processor Modules

1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bachmann Electronic, GmbH Equipment: All M-Base Controllers Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This updated advisory is a follow-up to the...

8.5AI score0.00824EPSS
Exploits0References24
Cvelist
Cvelist
added 2020/04/15 9:25 a.m.24 views

CVE-2020-7278 McAfee firewall rules not enforced correctly

Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security ENS for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules...

7.4CVSS7.7AI score0.00636EPSS
Exploits0References1
NVD
NVD
added 2019/06/24 7:15 p.m.23 views

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

5.4CVSS5.5AI score0.00821EPSS
Exploits1References1
Prion
Prion
added 2019/06/24 7:15 p.m.21 views

Cross site scripting

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

3.5CVSS5.6AI score0.00821EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/06/24 6:14 p.m.24 views

CVE-2019-9957

Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...

5.5AI score0.00821EPSS
Exploits1References1
Rows per page
Query Builder