23 matches found

Cvelist
added 2026/06/12 6:11 p.m. | 26 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions that gate the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3 CVSS | 0.00183 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/12 6:11 p.m. | 9 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions that gate the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3 CVSS | 5.2 AI score | 0.00183 EPSS
Exploits: 0 | References: 2

CVE
added 2026/06/12 6:11 p.m. | 12 views

CVE-2026-47236

CVE-2026-47236 affects the Solidtime open‑source time-tracking app prior to version 0.12.2. The root cause is insufficient access control in the Jetstream-backed team page: invitations:view and members:view permissions gate the official APIs, but the Jetstream page authorizes access with only bel...

4.3 CVSS | 5.3 AI score | 0.00183 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/12 12:0 a.m. | 13 views

PT-2026-48954

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions that gate the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3 CVSS | 5.3 AI score | 0.00183 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-16713

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00808 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-30719

Malicious code in bioql PyPI...

4.7 CVSS | 6.5 AI score | 0.00379 EPSS
Exploits: 0 | References: 1

CNVD
added 2025/06/11 12:0 a.m. | 1 views

Online Fire Reporting System /admin/edit-team.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/edit-team.php. An attacker can...

9.8 CVSS | 7.1 AI score | 0.00387 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/06/04 12:0 a.m. | 2 views

PHPGurukul Online Fire Reporting System Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/edit-team.php. An attacker can...

9.8 CVSS | 8.2 AI score | 0.00387 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 10:20 a.m. | 6 views

CVE-2024-32957

Missing Authorization vulnerability in Live Composer Team Page Builder: Live Composer. This issue affects Page Builder: Live Composer: from n/a through 1.5.38...

4.7 CVSS | 5.2 AI score | 0.00379 EPSS
Exploits: 0 | References: 1

NVD
added 2024/06/21 12:15 p.m. | 23 views

CVE-2024-35779

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS. This issue affects Page Builder: Live Composer: from n/a through 1.5.42...

6.5 CVSS | 0.00295 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/15 9:24 a.m. | 63 views

CVE-2024-31933

Technical details for CVE-2024-31933 are not publicly provided in the supplied documents; monitor for updates from vendors and advisories.

5.4 CVSS | 5.1 AI score | 0.00197 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2024/02/01 12:0 a.m. | 4 views

PT-2024-14460 · Unknown · Live Composer Team Page Builder

Name of the Vulnerable Software and Affected Versions: Live Composer Team Page Builder versions 1.5.23 and earlier

Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting (XSS). This means that an attacker can inject...

6.5 CVSS | 6 AI score | 0.0031 EPSS
Exploits: 0 | References: 8

BDU FSTEC
added 2022/10/03 12:0 a.m. | 3 views

The vulnerability of the “id” parameter in the “team.php”, “player.php”, and “club.php” scripts of the KandNconcepts Club CMS allows a hacker to perform XSS attacks.

The vulnerability of the “id” parameter in the “team.php”, “player.php”, and “club.php” scripts of the KandNconcepts Club CMS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

6.4 CVSS | 6.3 AI score | 0.00808 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

ATTACKERKB
added 2022/06/02 2:16 p.m. | 2 views

CVE-2022-31980

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manageteam&id=...

7.2 CVSS | 7.2 AI score | 0.01971 EPSS
Exploits: 1 | References: 2

ATTACKERKB
added 2022/06/02 2:15 p.m. | 4 views

CVE-2022-31957

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/viewteam.php?id=...

9.8 CVSS | 7.5 AI score | 0.01081 EPSS
Exploits: 1 | References: 2

OSV
added 2022/06/02 2:15 p.m. | 6 views

CVE-2022-31959

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manageteam.php?id=...

9.8 CVSS | 5.8 AI score | 0.01081 EPSS
Exploits: 1 | References: 1

OSV
added 2022/06/02 2:15 p.m. | 3 views

CVE-2022-31957

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/viewteam.php?id=...

9.8 CVSS | 5.8 AI score | 0.01081 EPSS
Exploits: 1 | References: 1

CNNVD
added 2022/06/02 12:0 a.m. | 3 views

Online Fire Reporting System SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system by individual developer Carlo Montero. Version v1.0 of Online Fire Reporting System is vulnerable to SQL injection, which originates from /ofrs/admin/?page=teams/manageteam...

7.2 CVSS | 5.7 AI score | 0.01971 EPSS
Exploits: 1 | References: 2

CNNVD
added 2022/06/02 12:0 a.m. | 6 views

Rescue Dispatch Management System SQL Injection Vulnerability

Rescue Dispatch Management System is a rescue dispatch management system by individual developer Carlo Montero. Rescue Dispatch Management System v1.0 is vulnerable to SQL injection, which arises because the /rdms/classes/Master.php?f=deleteteam page lacks validation of externally entered SQL...

9.8 CVSS | 5.9 AI score | 0.01081 EPSS
Exploits: 1 | References: 2

OSV
added 2020/08/27 2:15 p.m. | 2 views

CVE-2020-23973

KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php,player.php,club.php' id parameter...

9.8 CVSS | 7.4 AI score | 0.01563 EPSS
Exploits: 1 | References: 1