Lucene search
K

18 matches found

Cvelist
Cvelist
added 2026/06/11 9:41 a.m.33 views

CVE-2026-53911 Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

WordPress plugin ExactMetrics – Google Analytics Dashboard for WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.8AI score0.0038EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11121

Malware in sbrugna...

4.3CVSS4.9AI score0.00689EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-54643

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00426EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.18 views

EUVD-2025-12558

Malicious code in bioql PyPI...

7.6CVSS6.5AI score0.00284EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-59273

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.0038EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12396

Malicious code in bioql PyPI...

6.5CVSS7AI score0.01003EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:25 a.m.6 views

CVE-2023-2529

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

5.4CVSS5.9AI score0.00523EPSS
Exploits2References1
CVE
CVE
added 2025/05/19 6:0 a.m.40 views

CVE-2025-1626

CVE-2025-1626 : Qi Blocks WordPress plugin prior to 1.4 fails to validate/escape Countdown block options, enabling stored XSS for users with the contributor role or higher when the block is embedded in a page/post. Affected: Qi Blocks

5.4CVSS5.7AI score0.00203EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/25 3:5 p.m.10 views

CVE-2025-43862 Dify Allows Unauthorized Access and Modification of APP Orchestration

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...

7.6CVSS6.9AI score0.00284EPSS
Exploits1References2
NVD
NVD
added 2025/04/18 1:15 p.m.42 views

CVE-2025-32790

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

6.3CVSS0.00255EPSS
Exploits1References3
NVD
NVD
added 2023/08/03 10:15 p.m.28 views

CVE-2023-20216

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References1
Prion
Prion
added 2023/08/03 10:15 p.m.17 views

Design/Logic Flaw

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

4.3CVSS7.7AI score0.00148EPSS
Exploits0References1Affected Software12
Cisco
Cisco
added 2023/07/19 4:0 p.m.31 views

Cisco BroadWorks Privilege Escalation Vulnerability

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

4.4CVSS7.8AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2021/06/18 6:44 p.m.25 views

GHSA-5PR9-V234-JW36 Remote Code Execution via traversal in TAL expressions

Impact Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python...

7.6CVSS8.5AI score0.01843EPSS
Exploits1References8
Veracode
Veracode
added 2019/05/02 5:3 a.m.19 views

Authorization Bypass

CFME is vulnerable to authorization bypass. User role permissions for actions associated with catalogs are not properly validated, which would allow an authenticated Management Engine user to use this flaw to delete arbitrary catalogs regardless of the granted permissions...

4CVSS6.2AI score0.01019EPSS
Exploits0References7Affected Software2
Veracode
Veracode
added 2017/11/28 7:27 a.m.17 views

Authorization Bypass

TeamPass is vulnerable to authorization bypass. The application does not properly enforce user role permissions, allowing a malicious user to modify or delete another user's role in the application...

4.9CVSS5.3AI score0.00917EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2014/05/12 6:12 p.m.82 views

Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update

Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...

6.5CVSS7.5AI score0.08245EPSS
Exploits7References13
Rows per page
Query Builder