1088 matches found
Design/Logic Flaw
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...
CVE-2023-31133 Ghost vulnerable to disclosure of private API fields
Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute...
CVE-2023-2445
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
Improper access control
Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name...
CVE-2023-2445
Summary of CVE-2023-2445 (Devolutions Server) Affected software: Devolutions Server, versions 2023.1.1 and earlier. Vulnerability: Improper access control in the Subscriptions Folder path filter. This allows attackers with administrator privileges to retrieve usage information about folders in a ...
PT-2023-19610 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2023.1.1 and earlier Description: The issue is related to improper access control in the Subscriptions Folder path filter, allowing attackers with administrator privileges to retrieve usage information on folders i...
The vulnerability of the Active IQ Unified Manager, a tool for managing the state and performance of data storage systems, stems from deficiencies in access control. This allows attackers to update subscriptions to EMS.
The vulnerability of the Active IQ Unified Manager, a tool for managing system storage performance and status, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to update subscriptions to EMS through unauthorized channels...
Improper Access Control
moodle/moodle is vulnerable to Improper Access Control. The vulnerability exists in the calendar_can_edit_subscription function of lib.php because the user subscriptions are not properly handled which allows an attacker to edit user subscriptions and perform unauthorized actions...
FluentCRM - Marketing Automation For WordPress < 2.8.0 - Unauthenticated Subscriptions Update
The plugin does not properly secure the use of MD5 hash without a salt to control subscriptions, making it possible for unauthenticated attackers to unsubscribe users from lists and manage subscriptions...
GHSA-35WF-3WQ2-R3HX Moodle has Incorrect Default Permissions
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...
Moodle has Incorrect Default Permissions
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...
CVE-2021-36400
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...
Design/Logic Flaw
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...
UBUNTU-CVE-2021-36400
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions...
CVE-2022-23240
Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors...