14 matches found

Vulnrichment, added 2026/03/09 8:08 p.m.

CVE-2026-25737 Budibase Arbitrary File Upload Leading to Multiple Critical Vulnerabilities (SSRF, Stored XSS)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.24.0 and earlier, an arbitrary file upload vulnerability exists even though file extension restrictions are configured. The restriction is enforced only at the UI level. An attacker can bypass these...

CVSS 8.9 | AI score 5.9 | EPSS 0.00264
Exploits: 1 | References: 1

Positive Technologies, added 2026/02/17 12:00 a.m.

PT-2026-20322

Name of the Vulnerable Software and Affected Versions: Gogs versions 0.13.4 and below. Description: Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...

CVSS 9.9 | AI score 6 | EPSS 0.27661
Exploits: 45 | References: 117

EUVD, added 2026/01/29 9:33 p.m.

EUVD-2026-4950

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

CVSS 7.1 | AI score 5.9 | EPSS 0.00523
Exploits: 1 | References: 3

Positive Technologies, added 2026/01/29 12:00 a.m.

PT-2026-5360

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.26.4. Description: Budibase is a low code platform used for building internal tools, workflows, and admin panels. A Creator-level user, normally lacking UI permissions to invite users, can manipulate API requests to...

CVSS 7.1 | AI score 6 | EPSS 0.00523
Exploits: 1 | References: 5

EUVD, added 2025/10/03 8:07 p.m.

EUVD-2024-32479

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00456
Exploits: 0 | References: 1

CNNVD, added 2025/09/17 12:00 a.m.

MevzuatTR Security Vulnerability

MevzuatTR is an online platform for retrieval and notification of judicial decisions in Turkey by MevzuatTR Turkey. A security vulnerability exists in MevzuatTR versions prior to 12.02.2025 that stems from improper input neutralization and improper UI layer or frame restriction, which could lead ...

CVSS 4.7 | AI score 6.6 | EPSS 0.00233
Exploits: 0 | References: 1

RedhatCVE, added 2025/05/22 1:55 a.m.

CVE-2017-20041

A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered UI layers URL. It is possible to launch the attack remotely...

CVSS 6.5 | AI score 6.8 | EPSS 0.00669
Exploits: 1 | References: 1

CNNVD, added 2025/04/09 12:00 a.m.

Inaba Denki Sangyo Wi-Fi AP UNIT Security Vulnerability

The Inaba Denki Sangyo Wi-Fi AP UNIT is a Wi-Fi AP unit from Inaba Denki Sangyo, a Japanese company. A security vulnerability exists in Inaba Denki Sangyo Wi-Fi AP UNIT v2.0.03P and prior versions, which stems from improper restrictions in the UI layer or framework, and could lead to the user...

CVSS 6.5 | AI score 9.1 | EPSS 0.00298
Exploits: 0 | References: 2

NVD, added 2024/07/17 5:15 p.m.

CVE-2024-38446

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the author of that report to an arbitrary user without their consent or knowledge via a modified UUID in a POST request...

CVSS 6.5 | EPSS 0.00347
Exploits: 1 | References: 1

CVE, added 2024/07/17 12:00 a.m.

CVE-2024-38446

CVE-2024-38446 concerns NATO NCI ANET 3.4.1. The vulnerability allows an attacker to create a report and, by altering a UUID in a POST request, change the report author to an arbitrary user without their consent. This is a logic/authorization issue where report ownership is mishandled. Affected c...

CVSS 6.5 | AI score 6.7 | EPSS 0.00347
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment, added 2023/02/11 12:00 a.m.

CVE-2023-0780 Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev...

CVSS 4 | AI score 7.2 | EPSS 0.00373
Exploits: 1 | References: 2

BDU FSTEC, added 2022/10/12 12:00 a.m.

Vulnerability of the CSP configuration implementation: The base-uri header of browsers like Firefox, Firefox ESR, and the email client Thunderbird allows attackers to circumvent security restrictions.

Vulnerability of the CSP configuration implementation: The base-uri settings of Firefox, Firefox ESR, and the Thunderbird email client are related to incorrect restrictions on the layers or frames of the user interface when processing HTML elements. Exploiting this vulnerability allows a remote...

CVSS 6.4 | AI score 7 | EPSS 0.00877
Exploits: 0 | References: 17 | Affected Software: 8

OSV, added 2020/11/16 7:15 p.m.

CVE-2020-26508

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI...

CVSS 9.8 | AI score 7.3 | EPSS 0.01121
Exploits: 0 | References: 1

Hacker One, added 2015/10/30 11:46 p.m.

Shopify: An administrator without the 'Settings' permission is able to see payment gateways

Description: An administrator who lacks the 'Settings' permission is not able to see the shop's payment gateways through the UI. But the endpoint shop.myshopify.com/admin/paymentgateways.json does disclose payment gateways to the unprivileged user. Mitigation: Restrict the endpoint in...

AI score 1.9
Exploits: 0