Lucene search
K

113 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:55 a.m.9 views

CVE-2011-1321

The AuthCache purge implementation in the Security component in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...

6.5CVSS6.5AI score0.00967EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 9:11 a.m.10 views

CVE-2025-30000

A vulnerability has been identified in Siemens License Server SLS All versions V4.3. The affected application does not properly restrict permissions of the users. This could allow a lowly-privileged attacker to escalate their privileges...

6.7CVSS6.9AI score0.00134EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/06 1:58 a.m.21 views

CVE-2022-25311

A vulnerability has been identified in SINEC NMS All versions = V1.0.3 V2.0, SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...

8.8CVSS6.4AI score0.00518EPSS
Exploits0References1
Redos
Redos
added 2025/01/21 12:0 a.m.15 views

ROS-20250121-05

A vulnerability in the modsql component of the ProFTPD FTP server is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his privileges to the root user...

7.5CVSS6.8AI score0.02204EPSS
Exploits0
CNVD
CNVD
added 2024/12/09 12:0 a.m.5 views

SQL Injection Vulnerability in Ruiyou Skywing Application Virtualization System of Xi'an Ruiyou Information Technology Information Co.

Ruiyou Tianyi Application Virtualization System is a domestic application virtualization platform with independent intellectual property rights, which is based on Server-based Computing SBC. Xi'an Ruiyou Information Technology Co., Ltd. Ruiyou Tianyi Application Virtualization System suffers from...

8.4AI score
Exploits0
CNVD
CNVD
added 2024/12/06 12:0 a.m.3 views

File upload vulnerability in the education cloud platform of Beijing Zhongqing Modern Technology Co. Ltd (CNVD-C-2024-945982)

Beijing Zhongqing Modern Technology Co., Ltd. is a high-tech enterprise founded in 1993, specializing in providing educational users with products and solutions such as recording and broadcasting system, three classrooms and smart classrooms. A file upload vulnerability exists in the education...

7.3AI score
Exploits0
CNVD
CNVD
added 2024/08/30 12:0 a.m.6 views

FeehiCMS code issue vulnerability (CNVD-2024-37609)

FeehiCMS is a content management system CMS based on the Yii2 framework, aiming to provide Yii2 enthusiasts with a full-featured CMS system so that developers can focus more on the development of business functions. A security vulnerability exists in FeehiCMS. The vulnerability is related to the...

9.8CVSS7AI score0.00756EPSS
Exploits1References1
CNVD
CNVD
added 2024/07/20 12:0 a.m.4 views

File Upload Vulnerability in EG2000K of Beijing StarNet Ruijie Network Technology Co.

Ruijie Networks, founded in 2003, is an industry-leading ICT infrastructure and solutions provider. A file upload vulnerability exists in the EG2000K of Beijing StarNet Ruijie Network Technology Co. Ltd, which can be exploited by attackers to gain server privileges...

7.3AI score
Exploits0
Debian
Debian
added 2024/04/12 8:31 p.m.23 views

[SECURITY] [DSA 5657-1] xorg-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5657-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 12, 2024 https://www.debian.org/security/faq -...

7.8CVSS8.9AI score0.01843EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/03/26 9:34 a.m.16 views

CVE-2024-28033

OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy...

7.9AI score0.01019EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/03/25 12:0 a.m.22 views

JVN#17176449: ffBull vulnerable to OS command injection

ffBull according to the original report submitted by the reporter provided by Fortunefield is a bulletin board system BBS. ffBull contains an OS command injection vulnerability CWE-78. Impact A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...

9.8CVSS9.9AI score0.01284EPSS
Exploits0
GithubExploit
GithubExploit
added 2023/10/17 7:43 a.m.270 views

Exploit for CVE-2023-38646

CVE-2023-38646 - Metabase RCE Metabase open source before 0.46...

9.8CVSS9.9AI score0.97924EPSS
Exploits36
Tenable Nessus
Tenable Nessus
added 2023/08/05 12:0 a.m.17 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xtrans (SUSE-SU-2023:3190-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3190-1 advisory. - CVE-2020-25697: Fixed local privilege escalation via TRANSABSTRACT on the client side bsc1178613. Tenab...

7CVSS7.1AI score0.00326EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2023/08/02 1:21 p.m.291 views

Exploit for CVE-2023-38646

CVE-2023-38646 - Metabase Pre-auth RCE !Untitled presentatio...

9.8CVSS10AI score0.97924EPSS
Exploits36
NVD
NVD
added 2023/07/21 3:15 p.m.28 views

CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

9.8CVSS9.9AI score0.97924EPSS
Exploits36References6
Prion
Prion
added 2023/07/21 3:15 p.m.48 views

Design/Logic Flaw

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

7.5CVSS9.7AI score0.97924EPSS
Exploits36References6Affected Software1
OSV
OSV
added 2023/07/21 12:0 a.m.38 views

CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

9.8CVSS8.1AI score0.97924EPSS
Exploits36References8
Veracode
Veracode
added 2023/04/18 9:32 a.m.22 views

Arbitrary File Upload

yuan1994/tpadmin is vulnerable to Arbitrary File Upload. The vulnerability exists because the library does not properly validate files uploaded in Upload.php, allowing an attacker to bypass the file upload restrictions and take over server privilege...

7.2CVSS6.9AI score0.01013EPSS
Exploits1References5Affected Software1
Oracle linux
Oracle linux
added 2023/02/08 12:0 a.m.21 views

tigervnc security update

1.12.0-9 - xorg-x11-server: DeepCopyPointerClasses use-after-free leads to privilege elevation Resolves: bz2167057...

7.8CVSS7.9AI score0.00899EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2023/01/10 8:0 a.m.79 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

...

7.8CVSS7.8AI score0.00599EPSS
Exploits0
Rows per page
Query Builder