Lucene search
K

14 matches found

CVE
CVE
added 7 hours ago8 views

CVE-2026-57869

CVE-2026-57869 affects MicroRealEstate up to version 1.0.0-alpha3. The vulnerability stems from broken object-level access controls and a deterministic pattern used in random ID generation, enabling attackers to access documents uploaded by landlords or tenants without authorization. The availabl...

7.1CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:17 p.m.8 views

EUVD-2026-38227

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

7.1CVSS5.9AI score0.00361EPSS
Exploits0References5
Rhino Security Labs
Rhino Security Labs
added 2024/08/06 12:0 p.m.12 views

Vestaboard: Exploring Broken Access Controls and Privilege Escalation

The post Vestaboard: Exploring Broken Access Controls and Privilege Escalation appeared first on Rhino Security Labs...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.12 views

OpenEMR < 7.0.1 Multiple Vulnerabilities

OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...

8.8CVSS6.1AI score0.96731EPSS
Exploits11References10
WPVulnDB
WPVulnDB
added 2023/05/08 12:0 a.m.17 views

Download Manager < 3.2.71 - Broken Access Controls

The plugin does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file's...

6.5CVSS9AI score0.00737EPSS
Exploits2Affected Software1
Huntr
Huntr
added 2022/12/26 9:7 a.m.19 views

Broken Access Controls in Pratice settings

Description We observed that a receptionist user can add a Pharmacy in the Pratice Settings section, although this area is restricted to receptionist users. Proof of Concept REQUEST: POST /openemr/controller.php?practicesettings&pharmacy&action=edit HTTP/1.1 Host: demo.openemr.io Cookie: OpenEMR=...

4CVSS6.4AI score0.0061EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/12/19 12:0 a.m.21 views

OpenEMR < 7.0.0.2 Multiple Vulnerabilities

OpenEMR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:open-emr:openemr"; ifdescription...

8.8CVSS6.2AI score0.01057EPSS
Exploits7References8
OSV
OSV
added 2022/10/31 9:15 p.m.5 views

CVE-2022-39019

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References1
CVE
CVE
added 2022/10/31 8:9 p.m.73 views

CVE-2022-39018

The vulnerability CVE-2022-39018 affects M-Files Hubshare prior to 3.3.11.3, where broken access controls on PDFtron data allow unauthenticated users to access restricted PDF files via a known URL. Affected component: PDFtron data within Hubshare; root cause: inadequate access control enforcement...

8.2CVSS7.7AI score0.00384EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/31 8:9 p.m.22 views

CVE-2022-39018 Broken access controls on PDFtron data in M-Files Hubshare

Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL...

8.2CVSS8.3AI score0.00384EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/10/31 8:9 p.m.9 views

CVE-2022-39019 Broken access controls on PDFtron WebviewerUI in M-Files Hubshare

Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server...

6.3CVSS7.6AI score0.00369EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.3 views

PT-2022-24675 · M Files +1 · M-Files Hubshare +1

Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.11.3 Description: The issue concerns broken access controls on PDFtron WebviewerUI in M-Files Hubshare, allowing unauthenticated attackers to upload malicious files to the application server...

7.5CVSS7.6AI score0.00369EPSS
Exploits0References2
Hacker One
Hacker One
added 2020/03/29 6:17 a.m.22 views

Acronis: Broken Access Controls

The End Point notary.acronis.com Blocks access to the panel if you are not an authenticated user. More is possible to access some functions of the panel by adding the .html at the end See Poc From Video Below Impact Broken access control vulnerabilities exist when a user can in fact access some...

2.9AI score
Exploits0
Packet Storm
Packet Storm
added 2010/08/24 12:0 a.m.37 views

VWar Cross Site Scripting / SQL Injection / Broken Access Controls

Back in April 2008 I found a bunch of vulnerabilities in PHP clan management system, however the project had just changed hands. Since then the new project leader has been assuring me that new secure release which fixed all the found issues was just around the corner. Over two years later I...

0.4AI score
Exploits0
Rows per page
Query Builder