Lucene search
K

72077 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43060

Missing Authorization vulnerability in Drupal AI Agents allows Forceful Browsing. This issue affects AI Agents versions: from 0.0.0 to 1.1.4, from 1.2.0 to 1.2.5, from 1.3.0 to 1.3.1...

6.1AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-43063

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.1AI score0.00132EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-43114

Missing Authorization vulnerability in Drupal LocalGov Workflows allows Forceful Browsing. This issue affects LocalGov Workflows versions: from 0.0.0 to 1.6.0...

6.1AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43050

Missing Authorization vulnerability in Drupal Examples for Developers allows Forceful Browsing. This issue affects Examples for Developers versions: from 0.0.0 to 4.0.6...

6.1AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43059

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1AI score0.00142EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00142EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday119 views

MinIO Cluster Deployment - Information Disclosure

MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...

7.5CVSS7.1AI score0.83957EPSS
Exploits13References5
Nuclei
Nuclei
added yesterday11 views

Bonita Web 2021.2 - Authentication/Authorization Bypass

Bonita Web 2021.2 contains an authentication/authorization bypass vulnerability caused by an overly broad exclude pattern in RestAPIAuthorizationFilter, allowing unauthenticated users to access privileged API endpoints by appending ;i18ntranslation or /../i18ntranslation/ to the URL. id:...

9.8CVSS7AI score0.56222EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday78 views

Modoboa < 2.1.0 - Improper Authorization

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. id: CVE-2023-2227 info: name: Modoboa 2.1.0 - Improper Authorization author: ritikchaddha,princechaddha severity: critical description: | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. impact:...

9.1CVSS7AI score0.43756EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday43 views

QNAP HBS 3 - Broken Access Control

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 Hybrid Backup Sync. If exploited, the vulnerability allows remote attackers to log in to a device. This issue affects: QNAP Systems Inc. HBS 3 versions prior to v16.0.0415 on QTS 4.5.2; versions prior to...

10CVSS7.1AI score0.78395EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday93 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6.1AI score0.01959EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-58590

FlowDrop (Drupal module) has a Missing Authorization vulnerability that allows Forceful Browsing, affecting FlowDrop versions 0.0.0 through 1.6.0. The Drupal SA-CONTRIB-2026-068 advisory and related records describe an access-bypass weakness involving workflow administration permissions (Administ...

6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-58589

CVE-2026-58589 concerns the Drupal FlowDrop module, where a missing authorization vulnerability enables forceful browsing/bypass of access controls. Affected are FlowDrop versions 0.0.0 through 1.6.0. The connected documents identify the issue as an access-bypass through inadequate permission enf...

6.1AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-13241

The CVE-2026-13241 entry concerns Drupal Paragraphs with a Missing Authorization vulnerability that enables Forceful Browsing. Affected product/version: Paragraphs modules from 0.0.0 up to 1.21.0. Root cause: insufficient access control on direct child paragraphs, enabling unauthorized access to ...

6.1AI score0.00132EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-13239

CVE-2026-13239 is a Missing Authorization vulnerability in Drupal WissKI affecting WissKI versions 0.0.0 through 4.2.0. The issue permits Forceful Browsing due to insufficient access checks in the wisski_mirador submodule, which also enables image annotation features via the Mirador viewer. Publi...

6.1AI score0.00132EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-13237

The CVE-2026-13237 entry describes an Incorrect Authorization vulnerability in Drupal AI Agents that enables forceful browsing and potential information disclosure. Affected are Drupal AI Agents versions: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. Root cause is improper access control within the ...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-13236

CVE-2026-13236 affects the Drupal AI Agents module. The issue is a Missing Authorization vulnerability that permits forceful browsing due to insufficient permission checks when a tool loads content entities. Affected versions are: 0.0.0–1.1.4, 1.2.0–1.2.5, and 1.3.0–1.3.1. The root cause is inade...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago10 views

CVE-2026-13235

The CVE-2026-13235 entry concerns Drupal AI (Artificial Intelligence) module with Missing Authorization allowing forceful browsing. Affected versions are 0.0.0–1.2.17, 1.3.0–1.3.8, and 1.4.0–1.4.3. Connected sources (NVD, CVE listings, and Drupal SA) confirm a product/component level exposure whe...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago17 views

CVE-2026-11909

CVE-2026-11909 concerns a missing authorization vulnerability in the Drupal Examples for Developers project, specifically in the file handling behavior exposed by the file_example submodule. The issue enables forceful browsing by allowing access to files PHP can reach, across Examples for Develop...

6.1AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2 days ago16 views

CVE-2026-10768

CVE-2026-10768 describes a Missing Authorization vulnerability in Drupal LocalGov Workflows that allows forceful browsing. Affected are LocalGov Workflows versions 0.0.0 to 1.6.0. The root cause is insufficient access controls that expose a view of Service Contacts, leading to potential informati...

6.1AI score0.00142EPSS
Exploits0References1
Rows per page
Query Builder