167 matches found
CVE-2026-48008
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
EUVD-2026-45237
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, a non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/action/sync; the regular integration endpoint POST...
CVE-2026-62233
grav-plugin-api before 1.0.6 fails to validate super-admin status in createApiKey, generate2fa, and disable2fa endpoints, allowing non-super api.users.write managers to escalate to super-admin. Attackers can mint API keys bound to super-admin accounts or strip 2FA from super-admin users to achiev...
Improper Privilege Management
github.com/coder/coder is vulnerable to Improper Privilege Management. The vulnerability is due to insufficient authorization checks in the PUT /api/v2/users/user/password endpoint, which allows a privileged user-admin attacker to reset the password of an owner account without requiring the curre...
PYSEC-2026-2035 Weave server API vulnerable to arbitrary file leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
Keycloak < 26.6.4 Multiple Vulnerabilities
The version of Keycloak installed on the remote host is prior to 26.6.4. It is, therefore, affected by multiple vulnerabilities, including the following: - A user with group-admin privileges can escalate to realm-admin, gaining full administrative control over the realm. CVE-2026-9099 - An...
CVE-2026-59093
Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...
CVE-2026-59093
Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...
PT-2026-53086
Name of the Vulnerable Software and Affected Versions MyBB version 1.8.40 Description An issue exists where users with limited Admin Control Panel ACP access can assign any usergroup to an account during creation or editing. This occurs because the verify usergroup function in the user module...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Images Security Update
New images are available for Red Hat build of Keycloak 26.4.13 and Red Hat build of Keycloak 26.4.13 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...
PT-2026-52093
🚨 CVE-2026-45688 Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOn...
CVE-2026-7165
The vulnerability is present in the ‘/addJugador’ endpoint: The 'keyJugador' and 'keyJugadorObjectiu' parameters allow the modification of other users’ information without requiring prior authorization validation. This could enable an authenticated attacker to alter any user’s ID and change their...
CVE-2026-7387
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
EUVD-2026-36503
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 Mattermost fails to require role-management authorization when setting the schemeadmin flag on group syncable link and patch endpoints, which allows a user with group-link permissions to escalate themselv...
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
PT-2026-46864
Summary A non-admin API user with integration:create ACL privilege can escalate to full administrator by creating an integration with admin: true through the Sync API POST /api/ action/sync. The regular integration endpoint POST /api/integration correctly blocks this, but the Sync API bypasses th...
CVE-2026-47179
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...
Incorrect Authorization
Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Incorrect Authorization via improper authorization checks in the requireworkspacemember process. An attacker can gain unauthorized access to...
CVE-2026-47179 Arcane: Authenticated Arbitrary Host File Read via Docker Compose Include Directives in Arcane
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...
Linux Distros Unpatched Vulnerability : CVE-2026-43000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...