Lucene search

242 matches found

OSV
added 2024/03/06 7:33 p.m., 20 views

CVE-2024-27915 Sulu grants access to pages regardless of role permissions

Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...

6.8 CVSS, 6.9 AI score, 0.0045 EPSS
Exploits: 0, References: 4
Cvelist
added 2024/03/06 7:33 p.m., 35 views

CVE-2024-27915 Sulu grants access to pages regardless of role permissions

Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...

6.8 CVSS, 6.8 AI score, 0.0045 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2024/03/04 8:45 p.m., 20 views

Sulu grants access to pages regardless of role permissions

Impact: What kind of vulnerability is it? Who is impacted? Access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. Patches: Has the problem been patched? What versions...

8.1 CVSS, 6.7 AI score, 0.0045 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2024/01/20 1:15 a.m., 14 views

CVE-2021-31314

File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...

9.8 CVSS, 9.5 AI score, 0.0074 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2024/01/20 12:0 a.m., 3 views

CVE-2021-31314

File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...

9.6 AI score, 0.0074 EPSS
Exploits: 1, References: 1
CVE
added 2024/01/20 12:0 a.m., 33 views

CVE-2021-31314

The CVE-2021-31314 entry concerns ejinshan v8+ terminal security system and is a file upload vulnerability that allows an attacker to upload arbitrary files to arbitrary locations on the server. The NVD/Red Hat/CNNVD entries corroborate an unrestricted file upload issue affecting ejinshan v8+; th...

9.8 CVSS, 9.4 AI score, 0.0074 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2024/01/20 12:0 a.m., 26 views

CVE-2021-31314

File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...

9.7 AI score, 0.0074 EPSS
Exploits: 1, References: 1
CNVD
added 2024/01/03 12:0 a.m., 8 views

Arbitrary File Read Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-08160)

Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...

7.1 AI score
Exploits: 0
CNVD
added 2023/12/12 12:0 a.m., 20 views

Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)

Beijing Yisaitong Science and Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by a...

7.5 AI score
Exploits: 0
Krebs on Security
added 2023/11/29 7:41 p.m., 13 views

Okta: Breach Affected All Customer Support Users

When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised...

7.2 AI score
Exploits: 0
Wallarm Lab
added 2023/10/31 7:48 p.m., 24 views

What is a Cloud Native Application Protection Platform (CNAPP)?

Revealing the Secrets of the Cloud-specific Application Safety Platform (CSASP). In the landscape of online safety, the notion of the Cloud-specific Application Safety Platform (CSASP) is something relatively unheard of, but rapidly gaining popularity. Intuitively from its name, CSASP is a system...

7.6 AI score
Exploits: 0
NVD
added 2023/08/15 8:15 p.m., 16 views

CVE-2023-39842

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...

2.4 CVSS, 3.6 AI score, 0.00122 EPSS
Exploits: 1, References: 1
Prion
added 2023/08/15 8:15 p.m., 19 views

Design/Logic Flaw

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...

2.1 CVSS, 3.9 AI score, 0.00122 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2023/08/15 12:0 a.m., 33 views

CVE-2023-39842

CVE-2023-39842 concerns the Digoo DG-HAMB Smart Home Security System (v1.0) where the RFID tag lacks encryption, enabling an attacker to clone a tag with only brief physical proximity to the device. The NVD entry records a CVSSv3.1 base score of 2.4 (LOW) with AV:P, AC:L, PR:N, UI:N, S:U, C:N, I:...

2.4 CVSS, 3.9 AI score, 0.00122 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2023/08/15 12:0 a.m., 26 views

CVE-2023-39842

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...

3.9 AI score, 0.00122 EPSS
Exploits: 1, References: 1
Cvelist
added 2023/08/04 12:0 a.m., 14 views

CVE-2023-39551

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php...

10 AI score, 0.01134 EPSS
Exploits: 1, References: 4
Github Security Blog
added 2023/08/03 7:44 p.m., 25 views

Sulu Observable Response Discrepancy on Admin Login

Impact: It allows over the Admin Login form to detect which user (username, email) exists and which one does not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References: Currently no references...

4.3 CVSS, 6.7 AI score, 0.00496 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2023/08/03 7:44 p.m., 22 views

GHSA-WMWF-49VV-P3MR Sulu Observable Response Discrepancy on Admin Login

Impact: It allows over the Admin Login form to detect which user (username, email) exists and which one does not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References: Currently no references...

4.3 CVSS, 4.3 AI score, 0.00496 EPSS
Exploits: 0, References: 6
Friends Of PHP
added 2023/08/03 6:2 a.m., 28 views

Observable Response Discrepancy on Admin Login

Impact: It allows over the Admin Login form to detect which user (username, email) exists and which one does not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References: Currently no references...

4.3 CVSS, 4.3 AI score, 0.00496 EPSS
Exploits: 0, Affected Software: 1
Debian CVE
added 2023/07/14 6:23 p.m., 31 views

CVE-2022-20565

Removed by vendor...

4.3 AI score
Exploits: 0