Lucene search
+L

26 matches found

Cvelist
Cvelist
added 2026/07/10 8:42 p.m.31 views

CVE-2026-55880 OpenReplay: Cross-user IDOR in notes and dashboard widgets

OpenReplay is a self-hosted session replay suite. In 1.27.0 and earlier, three dashboard and note mutation functions ran their SQL without the ownership predicate that their sibling read and edit functions use: notes.delete filtered only on note id and project id, while dashboards.updatewidget an...

7.1CVSS0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 11:2 p.m.8 views

GHSA-39G2-8X68-PMX8 Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

Summary PATCH /server/id accepts and persists nonexistent ddnsprofiles IDs for a member-owned server. If another user later creates a DDNS profile with one of those IDs, the DDNS worker resolves the stored ID and dispatches an update using the other user's DDNS profile configuration in the contex...

6.4CVSS5.8AI score0.00227EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.32 views

CVE-2026-43121 io_uring/zcrx: fix user_ref race between scrub and refill paths

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

0.00088EPSS
Exploits0References3
Circl
Circl
added 2026/04/09 11:16 a.m.6 views

GHSA-C3H3-89QF-JQM5

creationtimestamp| type| source ---|---|--- 2026-04-09 11:16:38+00:00| seen| Telegram/nE1gVyn8jRxbZ-OhSUewb4fvVZDT-qjlGTvhk8YiMctdMk...

5.3AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-2091

Malware in sbrugna...

5.8CVSS6.4AI score0.01309EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-1504

Malware in sbrugna...

7.5CVSS6.4AI score0.01355EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 3:41 a.m.8 views

CVE-2013-2123

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attacke...

5.8CVSS7.1AI score0.01309EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/20 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ksmbd not properly handling sess-user references in Kerberos authentication, which could lead to reuse after...

7.8CVSS6.3AI score0.09796EPSS
Exploits0References6
Circl
Circl
added 2024/07/17 7:53 p.m.7 views

CVE-2024-20435

creationtimestamp| type| source ---|---|--- 2024-07-17 19:53:42+00:00| seen| https://t.me/cvedetector/1101 2024-07-18 11:16:31+00:00| seen| https://t.me/kasperskyb2b/1343 2024-08-11 18:11:49+00:00| seen| https://t.me/MrVGunz/1251...

8.8CVSS4.8AI score0.00164EPSS
Exploits0References3
myhack58
myhack58
added 2016/05/12 12:0 a.m.20 views

Security Alert: WordPress Forum plug-in bbPress, there is stored XSS vulnerability, the impact of fix version 2. 5. 9 all previous versions-bug warning-the black bar safety net

Recently, the WordPress parent company Automattic released bbPress 2.5.9 version in the official WordPress Forum plugin to the latest version, fixes a higher threat of the storage typeXSSvulnerabilities that affect the scope include existing bbPress version, i.e., version 2.5.9 of all will suffer...

7.3AI score
Exploits0
NVD
NVD
added 2013/08/28 10:55 p.m.18 views

CVE-2013-2123

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attacke...

5.8CVSS6.7AI score0.01309EPSS
Exploits1References4
Prion
Prion
added 2013/08/28 10:55 p.m.18 views

Code injection

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attacke...

5.8CVSS7.2AI score0.01309EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2013/08/28 3:0 p.m.50 views

CVE-2013-2123

The CVE-2013-2123 issue affects the Drupal module Node access user reference (nodeaccess_userreference) for Drupal 6.x-3.x (before 6.x-3.5) and Drupal 7.x-3.x (before 7.x-3.10). The root cause is inadequate access restriction for content containing a user reference field when author update/delete...

5.8CVSS6.8AI score0.01309EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2013/08/28 3:0 p.m.30 views

CVE-2013-2123

The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attacke...

6.7AI score0.01309EPSS
Exploits1References4
seebug.org
seebug.org
added 2013/06/01 12:0 a.m.36 views

Drupal Node Access User Reference模块访问绕过漏洞

Bugtraq ID:60211 CVE ID:CVE-2013-2123 Drupal是一个基于PHP语言编写的开发型CMF(内容管理框架)。 Drupal Node Access User Reference模块允许对坐着,引用用户和非引用用户分配不同的访问权限。当作者创建包含用户引用字段的内容,并坐着用户账户不就被删除后,该作者创建的内容可被匿名用户编辑。 0 Drupal Node Access User Reference 6.x Drupal Node Access User Reference 7.x 厂商解决方案 Drupal Node Access User...

5.8CVSS6.7AI score0.01309EPSS
Exploits1
Drupal
Drupal
added 2013/05/29 12:0 a.m.29 views

SA-CONTRIB-2013-049 - Node access user reference - Access Bypass

This module allows different access permissions to be given to authors, referenced users and non-referenced users. When an author has created content containing a user reference field with author update/delete grants enabled and the author's user account is later deleted, content created by them...

5.8CVSS6.3AI score0.01309EPSS
Exploits1References12
0day.today
0day.today
added 2010/02/17 12:0 a.m.28 views

Drupal's <= v6.x-1.0 Realname User Reference Widget contributed module

Exploit for unknown platform in category web applications ====================================================================== Drupal's Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/02/16 12:0 a.m.36 views

Drupal Realname User Reference Information Disclosure

Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module version 6.x-1.0 Discovered by Martin Barbella Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easil...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2010/02/16 12:0 a.m.32 views

Information disclosure vulnerability in Drupal&#39;s Realname User Reference Widget contributed module &#40;version 6.x-1.0&#41;

Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module version 6.x-1.0 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a...

0.1AI score
Exploits0
CVE
CVE
added 2009/05/01 5:0 p.m.36 views

CVE-2009-1507

The vulnerability CVE-2009-1507 affects the Drupal Node Access User Reference module (5.x prior to 5.x-2.0-beta4 and 6.x prior to 6.x-2.0-beta6). The module interprets an empty CCK user reference as the anonymous user, potentially bypassing access controls to read or modify a node. Remediation: u...

7.5CVSS6.9AI score0.01355EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder