Lucene search
K

150 matches found

Cvelist
Cvelist
added yesterday28 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access affected versions not specified Description A critical pre-authentication issue exists in the authentication subsystem. Improper validation of authentication data allows a...

9.2CVSS6.2AI score
Exploits0References7
NVD
NVD
added 2026/06/12 10:16 p.m.10 views

CVE-2026-53825

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS0.00375EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.11 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

8.5CVSS5.4AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:15 a.m.10 views

EUVD-2026-35980

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48370

Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5243 Description An incorrect authorization issue allows a remote attacker with a user account to bypass intended access restrictions. Recommendations Update to version 5.5.6.5243 or later...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 11:44 a.m.13 views

EUVD-2026-35058

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions FGAP and escalate their privileges to a full realm administrator by importin...

7.2CVSS5.5AI score0.00329EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Open XDMoD 访问控制错误漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-43540

Name of the Vulnerable Software and Affected Versions Query Shortcode versions prior to 0.2.2 Description The Query Shortcode plugin for WordPress contains a Local File Inclusion issue within the shortcode function. Authenticated attackers with contributor-level access or higher can exploit this ...

7.5CVSS6.1AI score0.00495EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/26 8:58 p.m.12 views

EUVD-2025-209937

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 12:0 a.m.41 views

CVE-2026-9517 hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access control

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...

7.5CVSS0.0039EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 1:0 a.m.18 views

EUVD-2026-31613

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:1 p.m.7 views

CVE-2026-0241

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

7.2CVSS5.8AI score0.00277EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40766

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

7.2CVSS5.8AI score0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 6:37 a.m.6 views

EUVD-2026-25784

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

5.6CVSS5.2AI score0.00078EPSS
Exploits0References1
NVD
NVD
added 2026/04/13 7:16 a.m.10 views

CVE-2026-5936

An attacker can control a server-side HTTP request by supplying a crafted URL, causing the server to initiate requests to arbitrary destinations. This behavior may be exploited to probe internal network services, access otherwise unreachable endpoints e.g., cloud metadata services, or bypass...

8.5CVSS0.00188EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 10:10 p.m.1 views

CVE-2017-20238

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

7.1CVSS5.9AI score0.00237EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30261

Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such a...

7.1CVSS5.9AI score0.00237EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 7:36 a.m.5 views

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

8.8CVSS6.1AI score0.00522EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder