Lucene search
+L

202 matches found

CVE
CVE
added 2025/03/20 10:8 a.m.54 views

CVE-2024-11821

CVE-2024-11821 affects langgenius/dify 0.9.1. The issue is a privilege escalation where a normal user can modify Orchestrate instructions for an admin-created chatbot due to improper access control on the endpoint /console/api/apps/{chatbot-id}/model-config. The CVE entry lists a CVSSv3 base scor...

4.3CVSS4.8AI score0.00442EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/18 12:0 a.m.55 views

CVE-2025-25585

CVE-2025-25585 affects yimioa prior to v2024.07.04. The vulnerability is in the component /config/WebSecurityConfig.java and is caused by incorrect access control, enabling unauthorized attackers to arbitrarily modify the administrator password. The CVE details from multiple sources align on this...

7.3CVSS6.5AI score0.00257EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/26 12:26 a.m.10 views

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...

9.8CVSS7AI score0.0069EPSS
Exploits1References1
NVD
NVD
added 2025/02/24 4:15 p.m.16 views

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...

9.8CVSS0.0069EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/24 12:0 a.m.14 views

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...

0.0069EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/02/24 12:0 a.m.9 views

CVE-2024-56897

Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset...

9.5AI score0.0069EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/06 12:3 a.m.10 views

CVE-2022-29176

Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes i...

9.9CVSS6.7AI score0.01845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:39 p.m.12 views

CVE-2022-41937

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a...

9.6CVSS6.5AI score0.00732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:39 a.m.9 views

CVE-2024-1626

An Insecure Direct Object Reference IDOR vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly...

9.1CVSS7.8AI score0.00479EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2025/01/22 12:0 a.m.16 views

Oracle Java SE Security Update (Jan 2025) - Linux

Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8CVSS4.8AI score0.00971EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/01/22 12:0 a.m.14 views

Oracle VirtualBox Security Update (Jan 2025) - Windows

Oracle VirtualBox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:vmvirtualbox";...

7.3CVSS9.2AI score0.00292EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/01/22 12:0 a.m.13 views

Oracle Java SE Security Update (Jan 2025) - Windows

Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.8CVSS4.8AI score0.00971EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/01/03 12:0 a.m.18 views

JetBrains TeamCity < 2024.12 Multiple Vulnerabilities

The version of JetBrains TeamCity installed on the remote host is prior to 2024.12. It is, therefore, affected by multiple vulnerabilities: - In JetBrains TeamCity before 2024.12, Improper access control allowed viewing details of unauthorized agents TW-85841 - In JetBrains TeamCity before 2024.1...

8.8CVSS5.5AI score0.0078EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2024/12/30 4:14 p.m.17 views

CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

4.3CVSS6.9AI score0.00373EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/30 4:14 p.m.24 views

CVE-2024-52294 khoj has an IDOR in subscription management that allows unauthorized subscription modifications

Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the...

4.3CVSS0.00373EPSS
Exploits0References2
OSV
OSV
added 2024/12/30 4:12 p.m.14 views

GHSA-HQ4H-W933-JM6C khoj has an IDOR in subscription management allows unauthorized subscription modifications

Summary An Insecure Direct Object Reference IDOR vulnerability in the updatesubscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. Details The vulnerability exists in the subscription endpoint at...

4.3CVSS4.7AI score0.00373EPSS
Exploits0References4
OSV
OSV
added 2024/12/12 3:46 p.m.20 views

GO-2024-3268 Harbor fails to validate the user permissions when updating p2p preheat policies in github.com/goharbor/harbor

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in oth...

7.7CVSS7.2AI score0.00296EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/11/26 12:0 a.m.6 views

PT-2024-8801

Name of the Vulnerable Software and Affected Versions ProjectSend versions prior to r1720 Description The issue is related to an improper authentication vulnerability in ProjectSend, allowing remote, unauthenticated attackers to modify the application's configuration by sending crafted HTTP...

10CVSS7.5AI score0.91559EPSS
Exploits4References84
Cvelist
Cvelist
added 2024/10/25 4:57 p.m.38 views

CVE-2024-8036 Unauthorized Modifications of Firmware and Configuration

ABB is aware of privately reported vulnerabilities in the product versions referenced in this CVE. An attacker could exploit these vulnerabilities by sending a specially crafted firmware or configuration to the system node, causing the node to stop, become inaccessible, or allowing the attacker t...

5.9CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added 2024/10/25 4:57 p.m.51 views

CVE-2024-8036

CVE-2024-8036 relates to ABB product families (e.g., Relion protection relays) where the root cause is a data-forgery risk in the firmware/config update process: the vulnerability arises because the firmware or configuration file’s authenticity/integrity is not checked, enabling an attacker to ca...

5.9CVSS6AI score0.00143EPSS
Exploits0References1
Rows per page
Query Builder