2496 matches found
CVE-2026-41133
pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...
oxia 授权问题漏洞
Oxia is a distributed metadata storage and coordination system developed by Oxia OpenSource. Versions of Oxia prior to 0.16.2 had an authorization issue vulnerability. This vulnerability stemmed from the OIDC authentication provider setting the SkipClientIDCheck: true unconditionally in the go-oi...
CVE-2026-38533
An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...
PT-2026-32415
GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...
go-fastdfs-web 授权问题漏洞
go-fastdfs-web is a web management platform for a distributed file storage system developed by Perfree’s individual developers. Versions of go-fastdfs-web prior to 1.3.7 have vulnerabilities related to authorization. These vulnerabilities stem from improper authorization practices and could lead ...
EUVD-2026-21364
Juju: CloudSpec method leaking cloud credentials...
CVE-2026-5412
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
CVE-2026-5412 Juju CloudSpec API could leak senstive information
In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...
Juju 安全漏洞
Juju is a open-source application orchestration engine developed by Canonical Juju. Vulnerabilities existed in versions prior to Juju 2.9.57 and 3.6.21. These vulnerabilities were due to authorization issues, which could allow low-privilege users to access sensitive credentials...
Discourse authorization issue vulnerability (CNVD-2026-17259)
Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...
EUVD-2026-20797
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...
UBUNTU-CVE-2026-1752
GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...
CVE-2026-39409
CVE-2026-39409 affects the Hono web application framework. The vulnerability lies in ipRestriction() not canonicalizing IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow/deny rules, which can cause IPv4 rules to fail to match in dual-stack environments (e.g., Node.js)....
PT-2026-31424
Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 Description Zammad, a web-based open-source helpdesk system, has an authorization failure in the REST endpoint POST /api/v1/ai assistance/text tools/:id. Context data provided for use in the AI prompt was not...
monetr 授权问题漏洞
Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.3 had an authorization issue vulnerability. This vulnerability stemmed from a transaction integrity flaw, which could lead to bypassing deletion protection...
CVE-2026-5384
An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...
CVE-2026-5382 runZero Platform MCP endpoint information leak
An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...
CVE-2026-5382
The CVE-2026-5382 entry concerns the runZero Platform, specifically the MCP endpoint information leak. The underlying issue is CWE-863 (Incorrect Authorization), allowing records to be exposed outside the authorized organization scope via MCP endpoints. The CVSS v3.1 impact is low (3.0) with vect...
CVE-2026-5379
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5374 runZero Platform MCP information leak
An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...