Lucene search
K

12 matches found

OSV
OSV
added 2026/06/29 5:19 p.m.4 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/09 12:35 p.m.3 views

ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module

resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than...

5.8CVSS6.9AI score0.02415EPSS
Exploits2References4
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.7 views

Astra Linux – Vulnerability in Zabbix

When a URL is added to the map element, it is recorded in the database with a sequential ID. When adding a new URL, the system retrieves the previous value of the sysmapelementurlid and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by...

2.2CVSS5.4AI score0.00493EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/05 4:49 p.m.5 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.3AI score0.0012EPSS
Exploits0References4
OSV
OSV
added 2025/12/05 4:49 p.m.7 views

CVE-2025-66546 Nextcloud Calendar app allowed booking appointments without the generated token

Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7.19, 5.5.6, and 6.0.1, the calendar app allowed blindly booking appointments with a squential ID without known the appointment token. This vulnerability is fixed in 4.7.19, 5.5.6, and 6.0.1...

3.3CVSS6.6AI score0.0012EPSS
Exploits0References6
Nextcloud
Nextcloud
added 2025/12/05 8:0 a.m.18 views

Calendar app allowed booking appointments without the generated token

None...

3.3CVSS5.2AI score0.0012EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49289

Name of the Vulnerable Software and Affected Versions Nextcloud Calendar versions prior to 4.7.19 Nextcloud Calendar versions prior to 5.5.6 Nextcloud Calendar versions prior to 6.0.1 Description The Nextcloud Calendar application contained a flaw where appointments could be booked without knowin...

3.3CVSS6.4AI score0.0012EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44426

Name of the Vulnerable Software and Affected Versions mCarFix Motorists App version 2.3 Description The mCarFix Motorists App has improper access control issues. An attacker can bypass verification to create accounts and, by manipulating sequential numeric IDs, gain unauthorized access to user da...

7.5CVSS6.8AI score0.00286EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...

6.4CVSS7.5AI score0.01492EPSS
Exploits0References3
OSV
OSV
added 2019/12/09 9:15 p.m.3 views

DEBIAN-CVE-2013-0342

The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294...

4.3CVSS5AI score0.01543EPSS
Exploits0References1
OSV
OSV
added 2008/09/18 5:59 p.m.4 views

DEBIAN-CVE-2008-4100

GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the...

6.4CVSS6.5AI score0.01492EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2008/09/18 12:0 a.m.5 views

PT-2008-5403 · Gnu +1 · Gnu Adns +1

Name of the Vulnerable Software and Affected Versions: GNU adns versions 1.4 and earlier Description: The issue allows remote attackers to spoof DNS responses due to the use of a fixed source port and sequential transaction IDs for DNS requests. This behavior is reported by the vendor as intended...

6.4CVSS6.4AI score0.01492EPSS
Exploits0References10
Rows per page
Query Builder