Lucene search
K

2496 matches found

NVD
NVD
added 2026/04/22 12:16 a.m.7 views

CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

8.8CVSS0.00325EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

oxia 授权问题漏洞

Oxia is a distributed metadata storage and coordination system developed by Oxia OpenSource. Versions of Oxia prior to 0.16.2 had an authorization issue vulnerability. This vulnerability stemmed from the OIDC authentication provider setting the SkipClientIDCheck: true unconditionally in the go-oi...

9.2CVSS5.8AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.9 views

CVE-2026-38533

An improper authorization vulnerability in the /api/v1/users/id endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.edit permission to modify sensitive authentication and account-state fields of other non-admin users via supplying a crafted PUT request...

6.5CVSS5.8AI score0.00311EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32415

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user with auditor privileges to modify vulnerability flag data in private projects due to...

4.3CVSS5.8AI score0.00333EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/11 12:0 a.m.8 views

go-fastdfs-web 授权问题漏洞

go-fastdfs-web is a web management platform for a distributed file storage system developed by Perfree’s individual developers. Versions of go-fastdfs-web prior to 1.3.7 have vulnerabilities related to authorization. These vulnerabilities stem from improper authorization practices and could lead ...

7.5CVSS7.2AI score0.00309EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/10 9:0 p.m.6 views

EUVD-2026-21364

Juju: CloudSpec method leaking cloud credentials...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References4
NVD
NVD
added 2026/04/10 1:16 p.m.11 views

CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS0.00445EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/10 12:22 p.m.29 views

CVE-2026-5412 Juju CloudSpec API could leak senstive information

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS0.00445EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.10 views

Juju 安全漏洞

Juju is a open-source application orchestration engine developed by Canonical Juju. Vulnerabilities existed in versions prior to Juju 2.9.57 and 3.6.21. These vulnerabilities were due to authorization issues, which could allow low-privilege users to access sensitive credentials...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References3
CNVD
CNVD
added 2026/04/10 12:0 a.m.3 views

Discourse authorization issue vulnerability (CNVD-2026-17259)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an authorization issue vulnerability that stems from a category group moderator being able to perform privileged...

5.4CVSS5.8AI score0.00153EPSS
Exploits0
EUVD
EUVD
added 2026/04/09 12:32 a.m.4 views

EUVD-2026-20797

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks...

4.3CVSS5.9AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2026/04/08 11:16 p.m.6 views

UBUNTU-CVE-2026-1752

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS5.8AI score0.00311EPSS
Exploits0References5
CVE
CVE
added 2026/04/08 2:43 p.m.26 views

CVE-2026-39409

CVE-2026-39409 affects the Hono web application framework. The vulnerability lies in ipRestriction() not canonicalizing IPv4-mapped IPv6 addresses (e.g. ::ffff:127.0.0.1) before applying IPv4 allow/deny rules, which can cause IPv4 rules to fail to match in dual-stack environments (e.g., Node.js)....

6.3CVSS5.9AI score0.00342EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.7 views

PT-2026-31424

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 7.0.1 Description Zammad, a web-based open-source helpdesk system, has an authorization failure in the REST endpoint POST /api/v1/ai assistance/text tools/:id. Context data provided for use in the AI prompt was not...

5.3CVSS5.9AI score0.0018EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

monetr 授权问题漏洞

Monetr is an open-source personal budget management application developed by Monetr. Versions of Monetr prior to 1.12.3 had an authorization issue vulnerability. This vulnerability stemmed from a transaction integrity flaw, which could lead to bypassing deletion protection...

5.7CVSS5.8AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 3:17 p.m.4 views

CVE-2026-5384

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

5.8CVSS0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 2:12 p.m.3 views

CVE-2026-5382 runZero Platform MCP endpoint information leak

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS5.8AI score0.00174EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:12 p.m.12 views

CVE-2026-5382

The CVE-2026-5382 entry concerns the runZero Platform, specifically the MCP endpoint information leak. The underlying issue is CWE-863 (Incorrect Authorization), allowing records to be exposed outside the authorized organization scope via MCP endpoints. The CVSS v3.1 impact is low (3.0) with vect...

3CVSS5.8AI score0.00174EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:11 p.m.1 views

CVE-2026-5379

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

3CVSS5.8AI score0.00118EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.24 views

CVE-2026-5374 runZero Platform MCP information leak

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS0.00208EPSS
Exploits0References2
Rows per page
Query Builder