Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-38280

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00259EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/10 8:27 p.m.10 views

Indico may disclose unauthorized user details access via legacy API

Impact A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds It ...

4.3CVSS6.8AI score0.00235EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/07/07 12:0 a.m.5 views

Dokploy 安全漏洞

Dokploy is an open source software from Dokploy Open Source. A security vulnerability exists in Dokploy versions prior to 0.23.7, which stems from a low-privileged account being able to retrieve other users' details, potentially leading to information disclosure...

5.3CVSS6.4AI score0.00202EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/25 3:31 p.m.21 views

Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...

4.3CVSS6.5AI score0.00316EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/25 3:31 p.m.19 views

Moodle has an IDOR in messaging web service which allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3CVSS6.3AI score0.00302EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2025/04/25 2:43 p.m.17 views

CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3CVSS0.00302EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/04/25 2:43 p.m.7 views

CVE-2025-3645 Moodle: idor in messaging web service allows access to some user details

A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses...

4.3CVSS6.8AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/04/22 1:34 p.m.15 views

CVE-2025-3640

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access...

4.3CVSS6.9AI score0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.6 views

PT-2025-17915

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw was found in the software, where insufficient capability checks allowed a user enrolled in a course to access certain details of other users they did not have permission to access, such...

4.3CVSS5.8AI score0.00316EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2022/08/29 12:0 a.m.12 views

PT-2022-16234 · WordPress · Simply Schedule Appointments

Name of the Vulnerable Software and Affected Versions: Simply Schedule Appointments WordPress plugin versions prior to 1.5.7.7 Description: The issue is related to missing authorization in a REST endpoint, allowing unauthenticated users to retrieve WordPress users' details, such as name and email...

5.3CVSS5.2AI score0.01424EPSS
Exploits2References5
Rows per page
Query Builder