Lucene search
K

36 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-4286

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to check if teamid was being changed when updating playbooks, allowing users with only Manage Playbook Configurations permission to change a playbook's team, bypassing manage members restriction via PUT api. Mattermost Advisory ID:...

4.3CVSS5.4AI score0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 12:28 p.m.32 views

CVE-2026-40914

CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...

4.3CVSS5.8AI score0.00372EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/28 10:16 a.m.6 views

UBUNTU-CVE-2026-46150

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1CVSS5.7AI score0.00142EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/21 7:13 a.m.11 views

EUVD-2026-31221

Mattermost versions 11.5.x = 11.5.1 fail to validate team-level runcreate permission against the target team when creating a playbook run which allows an authenticated team member to create runs in teams where they lack permission via specifying a different team ID in the run creation API request...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/11 12:31 p.m.3 views

EUVD-2026-11127

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the storesettings method in the ExactMetricsOnboarding class accepting a user-supplied triggeredby parameter that is used instead of...

8.8CVSS5.9AI score0.00631EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-13092

Malware in sbrugna...

7.9CVSS6.4AI score0.00149EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-18752

Malware in sbrugna...

3.3CVSS5.3AI score0.00131EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-41553

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00566EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/26 6:39 a.m.15 views

CVE-2023-52972

Huawei PCs have a vulnerability that allows low-privilege users to bypass SDDL permission checks . Successful exploitation this vulnerability could lead to termination of some system processes...

5.5CVSS0.00095EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/17 12:0 a.m.4 views

vivo Permission manager module 安全漏洞

The vivo Permission manager module is a cell phone permission management module from the Chinese company Vivo. A security vulnerability exists in vivo Permission manager module, which originates from a locally installed application that can bypass permission checking and perform system operations...

7.9CVSS6.7AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 2024/11/25 2:46 p.m.64 views

CVE-2024-11672

CVE-2024-11672 affects Devolutions Remote Desktop Manager, with incorrect authorization in the Add permission component prior to 2024.2.22 on Windows. An authenticated user could bypass the Add permission via the vault import feature, exposing integrity (LOW) but not confidentiality/availability ...

4.3CVSS6.9AI score0.00535EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.6 views

SAP NetWeaver Application Server 安全漏洞

SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server. An unauthenticated attacker could exploit the vulnerability to craft URL links that bypass the permission list control...

5.4CVSS6.6AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 9:15 p.m.19 views

CVE-2024-31332

In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS0.00103EPSS
Exploits0References2
CVE
CVE
added 2024/06/26 4:20 p.m.55 views

CVE-2024-6354

CVE-2024-6354 affects Devolutions Remote Desktop Manager (Windows) 2024.2.11 and earlier. The issue is an improper access control in the PAM dashboard that allows an authenticated user to bypass the execute permission via the PAM dashboard. The vulnerability is reported with a high impact (C/H, I...

7.2CVSS7.1AI score0.00786EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/06 11:5 a.m.22 views

BIT-REDMINE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

5.3CVSS5.4AI score0.01192EPSS
Exploits0References4
OSV
OSV
added 2024/01/31 11:3 a.m.8 views

SUSE-SU-2024:0289-1 Security update for slurm_23_02

This update for slurm2302 fixes the following issues: Update to slurm 23.02.6: Security fixes: - CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. bsc1218046 - CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level...

9.8CVSS8.5AI score0.01386EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.5 views

PT-2023-18117 · Unknown · Permission Manager

Name of the Vulnerable Software and Affected Versions: Permission Manager affected versions not specified Description: In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no addition...

7.8CVSS6.8AI score0.00098EPSS
Exploits0References6
Hacker One
Hacker One
added 2023/10/13 4:50 p.m.83 views

Internet Bug Bounty: CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags

In Apache Airflow versions before 2.7.2, a vulnerability existed that allowed authorized users with access to read specific DAGs to view task instance information from other DAGs by bypassing permission verification. Upgrading to Apache Airflow version 2.7.2 or newer addressed this issue...

6.5CVSS6AI score0.01551EPSS
Exploits0
NVD
NVD
added 2023/09/12 2:15 a.m.29 views

CVE-2023-32558

The use of the deprecated API process.binding can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of...

7.5CVSS8.5AI score0.01481EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/07/05 3:18 p.m.34 views

CVE-2023-30586

A vulnerability has been identified in the Node.js 20, allows loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model...

7.5CVSS7.3AI score0.01348EPSS
Exploits0References3
Rows per page
Query Builder