Lucene search
K

2494 matches found

Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39190

Name of the Vulnerable Software and Affected Versions Data Space Portal versions 2.1.1 through 7.3.1 Description Data Space Portal is an open-source Software as a Service SaaS solution for Dataspace management. The backend contains insufficient authorization regarding self-registered organization...

10CVSS5.8AI score0.00249EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/05 6:15 p.m.8 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/05 1:35 p.m.12 views

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization via the Microsoft Teams SSO invoke handler. An attacker can gain unauthorized access to Teams SSO signin functionality by sending specially crafted SSO invoke reques...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.10 views

NextChat 安全漏洞

NextChat is an open-source project developed by NextChat for quickly deploying private ChatGPT web applications. Versions of NextChat 2.16.1 and earlier contained a security vulnerability. This vulnerability stemmed from the improper authorization in the addMcpServer function within the...

7.5CVSS7.2AI score0.00309EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.9 views

OpenStack Keystone has an Incorrect Authorization Issue

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00446EPSS
Exploits1References5Affected Software1
Amazon
Amazon
added 2026/04/30 12:0 a.m.15 views

Medium: webkitgtk4

Issue Overview: A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app...

6.5CVSS5.6AI score0.0072EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/04/29 4:17 p.m.5 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.1AI score0.00276EPSS
Exploits0References5
CVE
CVE
added 2026/04/29 8:26 a.m.10 views

CVE-2026-42516

The CVE-2026-42516 entry concerns e-Sushrut HMIS with improper authorization checks during resource access. An authenticated attacker could exploit encoded parameters in the request URL to gain unauthorized access to patient accounts. The connected records confirm the vulnerability is a Broken Ac...

7.1CVSS5.4AI score0.00226EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/28 7:40 a.m.8 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.1AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/27 6:0 a.m.32 views

CVE-2026-7093 code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS0.00201EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/27 6:0 a.m.5 views

CVE-2026-7093 code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/27 2:0 a.m.6 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.1AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.7 views

PT-2026-35388

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

6.9CVSS5.4AI score0.00286EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.10 views

ProjeQtOr 安全漏洞

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain security vulnerabilities. These vulnerabilities stem from a lack of authorization verification at the objectDetail.php endpoint, which may lead to the retrieval of...

7.1CVSS5.8AI score0.00304EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 10:56 a.m.8 views

EUVD-2026-25413

Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution. This issue affects Apache DolphinScheduler versions prior to 3.4.1. Users are recommended to...

8.1CVSS5.2AI score0.00446EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.13 views

Axios 授权问题漏洞

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 have a vulnerability related to authorization. This vulnerability stems from the use of the mergeDirectKeys merging strategy in validateStatus. This strategy uses the in operator to traverse the...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has an Incorrect Authorization issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-47c7-qrm7-mqw7. This link is maintained to preserve external references. Original Description The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/22 11:49 a.m.7 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 12:16 a.m.7 views

CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

8.8CVSS0.00325EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

oxia 授权问题漏洞

Oxia is a distributed metadata storage and coordination system developed by Oxia OpenSource. Versions of Oxia prior to 0.16.2 had an authorization issue vulnerability. This vulnerability stemmed from the OIDC authentication provider setting the SkipClientIDCheck: true unconditionally in the go-oi...

9.2CVSS5.8AI score0.00255EPSS
Exploits0References1
Rows per page
Query Builder