
13 matches found

NVD
added 2025/09/30 11:37 a.m. · 7 views

CVE-2025-41097

Insecure Direct Object Reference IDOR vulnerability in BOLD Workplanner in versions prior to 2.5.25 4935b438f9b, consisting of a lack of adequate validation of user input, allowing an authenticated user to access basic employee details using unauthorised internal identifiers...

CVSS 7.1 · EPSS 0.00234
Exploits 0 · References 1
CNNVD
added 2025/09/30 12:00 a.m. · 4 views

Bold Workplanner security vulnerability

Bold Workplanner is an enterprise software for human resource management from the Spanish company Bold Workplanner. Bold Workplanner suffers from an insecure direct object reference vulnerability that can be exploited by an attacker to access functional contract details using an unauthorized...

CVSS 7.1 · AI score 6.7 · EPSS 0.00234
Exploits 0 · References 1
NVD
added 2025/08/28 6:15 p.m. · 2 views

CVE-2025-31971

AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery SSRF attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information...

CVSS 5.1 · EPSS 0.00127
Exploits 0 · References 1
Positive Technologies
added 2025/08/22 12:00 a.m. · 7 views

PT-2025-34455 · Reolink · Reolink

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An intent redirection issue in Reolink allows unauthorized attackers to access internal functions or non-public components. Recommendations: At the moment, there is no information about a newer...

CVSS 5.3 · AI score 6.9 · EPSS 0.00307
Exploits 1 · References 5
Veracode
added 2025/04/29 5:39 a.m. · 4 views

Server-Side Request Forgery (SSRF)

Crawl4AI is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper input validation and insufficient sanitization of user-controlled URLs in /crawl4ai/asyncdispatcher.py, allowing unauthorized internal network access...

CVSS 9.1 · AI score 6.7 · EPSS 0.00296
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/01/21 7:15 p.m. · 4 views

CVE-2025-23369

An improper verification of cryptographic signature vulnerability was identified in GitHub Enterprise Server that allowed signature spoofing for unauthorized internal users. Instances not utilizing SAML single sign-on or where the attacker is not already an existing user were not impacted. This...

CVSS 8.8 · AI score 5.8 · EPSS 0.01552
Exploits 1 · References 4
Positive Technologies
added 2025/01/09 12:00 a.m. · 4 views

PT-2025-6749 · Wazuh · Wazuh Siem

Name of the Vulnerable Software and Affected Versions: Wazuh SIEM version 4.8.2 Description: This issue is related to a broken access control vulnerability, allowing the unauthorized creation of internal users without assigning any existing user role. This could potentially lead to privilege...

CVSS 9 · AI score 7.2 · EPSS 0.0025
Exploits 1 · References 9
NVD
added 2024/11/07 10:15 p.m. · 28 views

CVE-2024-10824

An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed unauthorized internal users to access sensitive secret scanning alert data intended only for business owners. This issue could be exploited only by organization members with a personal access token PAT a...

CVSS 6.5 · EPSS 0.00339
Exploits 0 · References 1
CNNVD
added 2024/11/07 12:00 a.m. · 5 views

GitHub Enterprise Server security vulnerability

GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server, which...

CVSS 6.5 · AI score 6.4 · EPSS 0.00339
Exploits 0 · References 2
Positive Technologies
added 2022/06/07 12:00 a.m. · 3 views

PT-2022-19700 · Jamf · Jamf Private Access

Name of the Vulnerable Software and Affected Versions: Jamf Private Access versions prior to 2022-05-16 Description: The issue is related to Incorrect Access Control, allowing an unauthorized user to reach a system in the internal infrastructure. Recommendations: For Jamf Private Access versions...

CVSS 7.5 · AI score 7.3 · EPSS 0.0088
Exploits 0 · References 4
CNVD
added 2022/03/08 12:00 a.m. · 20 views

D-Link DAP-1620 Path Traversal Vulnerability

A path traversal vulnerability exists in the D-Link DAP-1620, a wireless repeater extender from D-Link, Taiwan, China. The path traversal allows local file inclusion, leading to unauthorized internal file reads of /etc/passwd and /etc/shadow. No detail...

CVSS 7.5 · AI score 2.7 · EPSS 0.57984
Exploits 4 · References 1
NVD
added 2017/11/30 9:29 a.m. · 19 views

CVE-2017-12351

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...

CVSS 5.7 · AI score 5.4 · EPSS 0.00345
Exploits 0 · References 3
OSV
added 2017/11/30 9:29 a.m. · 8 views

CVE-2017-12351

A vulnerability in the guest shell feature of Cisco NX-OS System Software could allow an authenticated, local attacker to read and send packets outside the scope of the guest shell container. An attacker would need valid administrator credentials to perform this attack. The vulnerability is due t...

CVSS 5.7 · AI score 5.8 · EPSS 0.00345
Exploits 0 · References 3