16 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-11119

Malware in sbrugna...

CVSS 5.4 | AI score 5.6 | EPSS 0.00746
Exploits: 2 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-17467

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.2 | EPSS 0.00637
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 15 views

EUVD-2022-43049

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5 | EPSS 0.00622
Exploits: 2 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-2172

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.1 | EPSS 0.01355
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2024-0229

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.004
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-12930

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.1 | EPSS 0.00477
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-3204

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.9 | EPSS 0.00942
Exploits: 0 | References: 7

RedhatCVE
added 2025/05/23 1:25 a.m. | 8 views

CVE-2022-25570

In Click Studios SA Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder with the default permission model can extend his...

CVSS 6.5 | AI score 7 | EPSS 0.00807
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:43 p.m. | 9 views

CVE-2021-37554

In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding permissions...

CVSS 4.3 | AI score 6.8 | EPSS 0.00881
Exploits: 0 | References: 1

Tenable Nessus
added 2025/05/22 12:0 a.m. | 13 views

Mattermost Server 9.11.x < 9.11.12 / 10.5.x < 10.5.3 Multiple Vulnerabilities (MMSA-2025-00455, MMSA-2025-00456)

The version of Mattermost Server installed on the remote host is prior to 9.11.12 or 10.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-0045500456 advisory. - Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's...

CVSS 4.3 | AI score 5.7 | EPSS 0.00278
Exploits: 0 | References: 3

NVD
added 2025/05/20 2:15 p.m. | 11 views

CVE-2025-47937

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...

CVSS 5.3 | EPSS 0.00253
Exploits: 0 | References: 2

OSV
added 2025/04/18 4:5 p.m. | 5 views

CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVSS 6.5 | AI score 6.6 | EPSS 0.00249
Exploits: 1 | References: 4

CVE
added 2025/04/18 4:5 p.m. | 77 views

CVE-2025-32795

CVE-2025-32795 affects Dify, an open-source LLM app development platform. Prior to version 0.6.12, a misconfigured access control allowed normal/non-admin users to edit app details (names, descriptions, icons) despite not having permission to view apps, compromising integrity. Root cause: insuffi...

CVSS 6.5 | AI score 7 | EPSS 0.00249
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/04/18 12:15 p.m. | 12 views

CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

CVSS 6.3 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 3

OSV
added 2024/02/20 2:15 p.m. | 6 views

CVE-2024-1550

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 6

NVD
added 2001/01/09 5:0 a.m. | 19 views

CVE-2000-1096

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating...

CVSS 3.7 | AI score 7.2 | EPSS 0.00786
Exploits: 1 | References: 3