12 matches found

Vulnrichment
added 2026/05/09 3:39 a.m. | 10 views

CVE-2026-42174 Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patched in versions 4.9.0 and 5.4.0...

CVSS 5.3 | AI score 5.7 | EPSS 0.00237
Exploits: 0 | References: 3
Snyk
added 2026/05/04 7:58 p.m. | 9 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the process for managing user avatars due to insufficient authorization checks. An attacker can gain unauthorized access to create, replace, or delete user avatars by leveraging file permissions without the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 2
ATTACKERKB
added 2026/04/30 6:23 p.m. | 4 views

CVE-2026-40603

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenticated member of the same team, even when that user does n...

CVSS 6.5 | AI score 5.3 | EPSS 0.00241
Exploits: 0 | References: 3
NVD
added 2025/11/18 11:15 p.m. | 14 views

CVE-2025-64325

Emby Server is a personal media server. Prior to version 4.8.1.0 and prior to Beta version 4.9.0.0-beta, a malicious user can send an authentication request with a manipulated X-Emby-Client value, which gets added to the devices section of the admin dashboard without sanitization. This issue has...

CVSS 9 | EPSS 0.00369
Exploits: 1 | References: 1
OSV
added 2025/06/20 8:15 p.m. | 3 views

DEBIAN-CVE-2025-48945

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously. Prior to version 4.9.0, pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS...

CVSS 8.2 | AI score 5.4 | EPSS 0.00389
Exploits: 0 | References: 1
SUSE CVE
added 2025/04/16 2:35 a.m. | 7 views

SUSE CVE-2025-32780

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.6.2 is vulnerable to a DLL Hijacking vulnerability. By placing a malicious DLL with the name uuid.dll in the folder C:\Users\AppData\Local\Microsoft\WindowsApps, an attacker can execute...

CVSS 7.3 | AI score 7.8 | EPSS 0.00198
Exploits: 0 | References: 3
Patchstack
added 2025/01/30 11:33 p.m. | 5 views

WordPress AI Infographic Maker plugin <= 4.9.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Infographic Maker – iList versions <= 4.9.0...

CVSS 6.5 | AI score 7.1 | EPSS 0.00463
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2023/09/01 12:0 a.m. | 4 views

ric-plt-lib-rmr security vulnerability

ric-plt-lib-rmr is an open source message router library from O-RAN Software Community. Applications can use it to send messages to other RMR-based applications. A security vulnerability exists in ric-plt-lib-rmr version v4.9.0, which originates from not verifying the source of a received routing...

CVSS 7.5 | AI score 6.7 | EPSS 0.01244
Exploits: 0 | References: 2
CNNVD
added 2023/02/15 12:0 a.m. | 4 views

SEO Panel SQL injection vulnerability

SEO Panel is an open source panel for managing website SEO Search Engine Optimization. A security vulnerability exists in SEO Panel version 4.9.0, which was discovered to contain an SQL injection vulnerability via the username parameter of the getUserName function in the api/user.api.php file. An...

CVSS 7.5 | AI score 7.6 | EPSS 0.00941
Exploits: 1 | References: 4
CNVD
added 2017/02/22 12:0 a.m. | 2 views

tcpdump buffer overflow vulnerability (CNVD-2017-02243)

tcpdump is a set of sniffing tools developed by the Tcpdump team that run under the command line. The tool allows users to intercept and display TCP/IP and other packets sent or received over a network connection to that computer. A buffer overflow vulnerability exists in the juniper_parse_header...

CVSS 9.8 | AI score 9.8 | EPSS 0.03172
Exploits: 0 | References: 1
OSV
added 2017/01/28 1:59 a.m. | 2 views

ALPINE-CVE-2016-7932

The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum...

CVSS 9.8 | AI score 7.7 | EPSS 0.03086
Exploits: 0 | References: 1
OSV
added 2017/01/28 1:59 a.m. | 1 views

DEBIAN-CVE-2016-7985

The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print...

CVSS 9.8 | AI score 7.7 | EPSS 0.03086
Exploits: 0 | References: 1