Lucene search
K

77 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-8472

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56621

Name of the Vulnerable Software and Affected Versions CAXperts UPVWebServices versions 2.4.2212.603 through 2.7.6 UDiTH Portal versions 2026.0.0 through 2026.2.0 Description An authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing...

8.1CVSS6.1AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.23 views

PT-2026-47536

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 6:46 a.m.13 views

EUVD-2026-32107

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvcaadminajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce b...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 6:46 a.m.12 views

EUVD-2026-32101

The Livemesh Addons for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the labbadminajax AJAX action in all versions up to, and including, 3.9.2 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce but doe...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43547

The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lvca admin ajax AJAX action in all versions up to, and including, 3.9.4 due to missing authorization checks and insufficient input sanitization. The AJAX handler verifies a nonce...

6.4CVSS5.8AI score0.00223EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/14 5:33 a.m.18 views

EUVD-2026-30241

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with project membership to enumerate private group members due to missing authorization checks...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 10:7 p.m.48 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 10:39 p.m.13 views

EUVD-2026-29881

GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in unauthorized access ...

5.3CVSS5.8AI score0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 3:31 a.m.23 views

EUVD-2026-29363

Due to insufficient authorization checks in the SAP Incentive and Commission Management application, authenticated users could invoke a remote-enabled function module to perform table update operations. This vulnerability has a low impact on integrity with no impact on confidentiality and...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.8 views

WordPress plugin Listeo Core 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Listeo Core, which stems from a lack of...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/03/28 6:28 p.m.5 views

SUSE CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

4.3CVSS5.9AI score0.00162EPSS
Exploits1References3
CVE
CVE
added 2026/03/16 12:0 a.m.9 views

CVE-2025-69727

CVE-2025-69727 affects INDEX-EDUCATION PRONOTE

5.3CVSS5.8AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10448

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

5CVSS5.8AI score0.00209EPSS
Exploits0References3
NVD
NVD
added 2026/03/10 5:35 p.m.5 views

CVE-2026-24313

SAP Solution Tools Plug-In ST-PI contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability...

5CVSS0.00209EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.9 views

SAP S/4HANA HCM Portugal和SAP ERP HCM Portugal 安全漏洞

SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal are both human capital management modules developed by the German company SAP. Both systems have security vulnerabilities; these vulnerabilities stem from the lack of authorization checks, which may allow users with high privileges to access...

5.8CVSS5.8AI score0.00262EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

SAP NetWeaver Application Server for ABAP 安全漏洞

SAP NetWeaver Application Server for ABAP is a core application server platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver Application Server for ABAP, which stems from the lack of authorization checks. This vulnerability may lead to the reading,...

6.4CVSS5.8AI score0.00205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/03 1:37 p.m.8 views

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

7.5CVSS5.9AI score0.00215EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 11:16 a.m.12 views

CVE-2025-58402

CVE-2025-58402 affects the CGM CLININET application, where direct, sequential MessageID parameters enable unauthorized access to messages and attachments across users due to missing authorization checks. The issue is an Insecure Direct Object Reference (IDOR) that allows modification of GET param...

7.5CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

GFI Archiver 安全漏洞

GFI Archiver is an email archiving software developed by GFI Corporation. It is used to protect, store, and retrieve your electronic communications. GFI Archiver has a security vulnerability that stems from a lack of authorization checks in the configuration of the Marc.Store.Remoting.exe process...

9.8CVSS7.1AI score0.00673EPSS
Exploits0References1
Rows per page
Query Builder