
21 matches found

NVD
added 2026/06/23 8:16 p.m., 7 views

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

CVSS 7.3, EPSS 0.00115
Exploits: 0, References: 5
EUVD
added 2026/05/19 9:39 p.m., 9 views

EUVD-2026-30993

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

CVSS 8.1, AI score 5.9, EPSS 0.00297
Exploits: 0, References: 2
NVD
added 2026/02/25 11:16 p.m., 5 views

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

CVSS 9.9, EPSS 0.00596
Exploits: 0, References: 5
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : grub2-2.02-156.el8.ML.1 (AXSA:2024-8448:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8448:04 advisory. grub2: grub2-set-bootflag can be abused by local pseudo-users CVE-2024-1048 grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code...

CVSS 7.8, AI score 7.8, EPSS 0.00536
Exploits: 2, References: 4
Cvelist
added 2025/10/14 12:18 a.m., 7 views

CVE-2025-42939 Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)

SAP S/4HANA Manage Processing Rules - For Bank Statements allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should...

CVSS 4.3, EPSS 0.00209
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2023-32654

Malicious code in bioql PyPI...

CVSS 9.6, AI score 9.1, EPSS 0.01668
Exploits: 0, References: 4
RedhatCVE
added 2025/07/12 7:24 p.m., 10 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVSS 5.4, AI score 7.3, EPSS 0.00166
Exploits: 0, References: 1
Vulnrichment
added 2025/07/10 6:38 p.m., 3 views

CVE-2025-53709 Access control issues impacting secure-upload service

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service is only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

CVSS 5.4, AI score 6.6, EPSS 0.00166
Exploits: 0, References: 1
CVE
added 2025/07/10 6:38 p.m., 20 views

CVE-2025-53709

The CVE-2025-53709 entries describe a privilege/authorization issue in Palantir Secure-upload, a data submission service installed on a limited set of environments. Affected component: Secure-upload before version 0.815.0. Reported problems include: privileged users could select email templates n...

CVSS 5.4, AI score 6.6, EPSS 0.00166
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:10 p.m., 7 views

CVE-2021-45841

In Terramaster F4-210, F2-210 TOS 4.2.X 4.2.15-2107141517, an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users disabled by default can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest...

CVSS 8.1, AI score 7.1, EPSS 0.08057
Exploits: 4
RedhatCVE
added 2025/05/22 9:9 p.m., 11 views

CVE-2021-45335

The sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by a local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files...

CVSS 8.8, AI score 6.8, EPSS 0.00378
Exploits: 1
CNNVD
added 2024/09/12 12:0 a.m., 2 views

SolarWinds Access Rights Manager code issue vulnerability

SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds, Inc. A code issue vulnerability exists in SolarWinds Access Rights Manager that originates from allowing an authenticated user to abuse the service, which could result in remote code execution...

CVSS 9, AI score 7.8, EPSS 0.03085
Exploits: 0, References: 3
CNNVD
added 2023/04/25 12:0 a.m., 4 views

ChurchCRM cross-site request forgery vulnerability

ChurchCRM is an open source CRM system for churches. A security vulnerability exists in ChurchCRM version v4.5.3. An attacker exploited the vulnerability to set a person as a user and set that user as an administrator...

CVSS 5.3, AI score 5.8, EPSS 0.00288
Exploits: 1, References: 4
Code423n4
added 2022/12/16 12:0 a.m., 7 views

User can abuse tight stop losses and high leverage to make risk free trades

Lines of code Vulnerability details Impact User can abuse how stop losses are priced to open high leverage trades with huge upside and very little downside Proof of Concept function limitClose uint id, bool tp, PriceData calldata priceData, bytes calldata signature external checkDelayid, false;...

AI score 6.6
Exploits: 0
OSV
added 2022/08/25 8:15 p.m., 1 views

DEBIAN-CVE-2021-35938

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system...

CVSS 6.7, AI score 6.7, EPSS 0.00491
Exploits: 1, References: 1
CVE
added 2021/12/27 12:29 p.m., 55 views

CVE-2021-45335

CVE-2021-45335 affects Avast Antivirus: the sandbox component prior to version 20.4 has an insecure permission, enabling a local user to influence scan outcomes and potentially evade detection or delete arbitrary system files. Affected product is Avast Antivirus (sandbox module); root cause is an...

CVSS 8.8, AI score 8.5, EPSS 0.00378
Exploits: 1, References: 2, Affected Software: 1
Hacker One
added 2021/01/19 4:15 p.m., 47 views

Informatica: Html injection on ██████.informatica.com via search.html?q=1

hello dear I have found HTML injection on ██████.informatica.com parameters injectable search.html?q=1 URL : https://████████.informatica.com/search.html?q=1%22%3E%3Cimg%20src=https://www.no-gods-no-masters.com/imagesdesigns/anonymous-gandhi-d001001207265.png%3E%E2%80%[email protected]%20%22 payload ; 1"”@x...

AI score 2.2
Exploits: 0
Kitploit
added 2020/01/07 11:0 a.m., 101 views

RFCpwn - An Enumeration And Exploitation Toolkit Using RFC Calls To SAP

An SAP enumeration and exploitation toolkit using SAP RFC calls This is a toolkit for demonstrating the impact of compromised service accounts. This PoC is not for use in production environments, no guarantee of stability or support. RFCpwn relies on the pyrfc and the libraries provided by SAP in...

AI score 7.5
Exploits: 0, References: 2
PyPA
added 2017/08/18 6:29 p.m., 17 views

PYSEC-2017-11

Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors...

CVSS 8.8, AI score 7, EPSS 0.01036
Exploits: 0, References: 4, Affected Software: 1
Imperva Blog
added 2017/05/02 3:30 p.m., 44 views

Why Care About Data-Centric Security?

It’s no surprise that data breaches are evolving and becoming increasingly more complex. According to the Verizon 2017 Data Breach Investigation Report, data breaches are “complex affairs often involving some combination of human factors, hardware devices, exploited configurations or malicious...

AI score 6.7
Exploits: 0