Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:42 a.m.9 views

CVE-2022-26595

Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI...

4.3CVSS6.4AI score0.00738EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3778

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00735EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-34134

Malicious code in bioql PyPI...

5.3CVSS4.9AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.5 views

CVE-2022-28160

Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller...

6.5CVSS6.6AI score0.01051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:8 p.m.9 views

CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

4.3CVSS6.5AI score0.00861EPSS
Exploits0References1
CVE
CVE
added 2025/04/15 12:56 p.m.62 views

CVE-2025-32945

PeerTube CVE-2025-32945: A REST API flaw allows an authenticated user to add playlists to another user’s channel. The code creates the playlist with the requester as owner and sets the channel to the supplied ID without verifying ownership, enabling cross-user playlist creation. CVSS v3.1 base sc...

4.3CVSS7.2AI score0.00284EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/03/20 10:8 a.m.54 views

CVE-2024-13060

CVE-2024-13060 affects AnythingLLM Docker 1.3.1 and earlier. Affected component: the user cookie handling (cookie parameter id) that determines which profile picture is loaded. Root cause: insufficient authorization checks allow users with Default permission to access other users’ profile picture...

4.3CVSS4.4AI score0.00453EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 3:33 a.m.7 views

CVE-2024-45058

i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator or...

8.1CVSS7.9AI score0.01365EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/09/13 6:50 p.m.5 views

CVE-2022-39206 CI/CD Docker Escape in OneDev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket e.g. /var/run/docker.sock on Linux is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daem...

9.9CVSS9.7AI score0.0165EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/24 7:9 p.m.8 views

Liferay Portal and Liferay DXP does not properly check user permission

The Portlet Configuration module before 4.0.13 in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if...

4.3CVSS6.7AI score0.00861EPSS
Exploits0References6Affected Software2
CNVD
CNVD
added 2020/11/25 12:0 a.m.9 views

Moodle Access Control Error Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an Access Control Error vulnerability that stems from a failure to adequately check a user's ability to enroll when...

7.5CVSS6.5AI score0.01895EPSS
Exploits0References1
Rows per page
Query Builder