3624 matches found

CNNVD
added 2026/05/05 12:0 a.m. | 11 views

Eclipse Equinox OSGi Access Control Error Vulnerability

Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions 3.8 to 3.18 of Eclipse Equinox OSGi contain an access control vulnerability. This vulnerability stems from a remote code execution flaw in the console interface, allowing unauthenticated attacker...

CVSS 9.8 | AI score 6.7 | EPSS 0.00455
Exploits 0 | References 1
Veracode
added 2026/05/04 8:19 p.m. | 8 views

Arbitrary Command Injection

Claude Code is vulnerable to Arbitrary Command Injection. The vulnerability is due to lack of validation of the git worktree commondir file when determining folder trust, which allows an attacker to bypass trust checks and execute malicious hooks...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits 0 | References 2 | Affected Software 1
CNNVD
added 2026/05/04 12:0 a.m. | 9 views

Nginx UI Access Control Error Vulnerability

Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...

CVSS 9.8 | AI score 5.8 | EPSS 0.00339
Exploits 1 | References 2
CNNVD
added 2026/05/04 12:0 a.m. | 9 views

Rdiffweb Access Control Error Vulnerability

Rdiffweb is a web application personally developed by Patrik Dufresne from the United States. It allows for quick access to your files through an efficient web interface. Versions of Rdiffweb prior to 2.10.5 contained a security vulnerability related to access control. This vulnerability stemmed...

CVSS 8.1 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 2
AlmaLinux
added 2026/05/04 12:0 a.m. | 26 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...

CVSS 9.8 | AI score 5.9 | EPSS 0.96775
Exploits 228 | References 10
Vulnrichment
added 2026/04/29 7:27 a.m. | 5 views

CVE-2026-42377 WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a through 2.8.0...

CVSS 7.3 | AI score 5.1 | EPSS 0.00229
Exploits 0 | References 1
CNNVD
added 2026/04/29 12:0 a.m. | 9 views

SonicWALL SonicOS Access Control Error Vulnerability

SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWall SonicOS related to access control mechanisms. This vulnerability may allow certain management interfaces to be...

CVSS 8 | AI score 6 | EPSS 0.00417
Exploits 0 | References 1
CNNVD
added 2026/04/28 12:0 a.m. | 8 views

OpenClaw Access Control Error Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained an access control vulnerability, which was caused by a wide-area discovery vulnerability. This vulnerability allowed arbitrary tailnet peers to be accepted as DNS...

CVSS 5.9 | AI score 5.9 | EPSS 0.00117
Exploits 0 | References 1
CNNVD
added 2026/04/24 12:0 a.m. | 10 views

deskflow Access Control Error Vulnerability

Deskflow is an open-source tool for sharing keyboards and mice across devices. Versions of Deskflow such as 1.20.0, 1.26.0.134, and earlier had access control vulnerabilities. These vulnerabilities stemmed from the Deskflow daemon running as the SYSTEM account, exposing IPC named pipes that have...

CVSS 7.8 | AI score 6.1 | EPSS 0.00218
Exploits 1 | References 1
CNNVD
added 2026/04/24 12:0 a.m. | 8 views

ClassroomIO.com Access Control Error Vulnerability

ClassroomIO.com is an educational platform developed by ClassroomIO as open source. Version 0.1.13 of ClassroomIO.com contains a vulnerability related to access control. This vulnerability arises from ineffective access control, allowing low-privilege student users who are authenticated to access...

CVSS 6.5 | AI score 5.8 | EPSS 0.00212
Exploits 0 | References 1
CNNVD
added 2026/04/24 12:0 a.m. | 11 views

SenseLive X3050 Access Control Error Vulnerability

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has an access control vulnerability. This vulnerability stems from the Web management interface, which allows modification of critical configuration...

CVSS 9.2 | AI score 5.8 | EPSS 0.00518
Exploits 0 | References 1
CNVD
added 2026/04/24 12:0 a.m. | 6 views

Microsoft Partner Center Access Control Vulnerability

Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...

CVSS 9.6 | AI score 5.4 | EPSS 0.00389
Exploits 0
CNNVD
added 2026/04/24 12:0 a.m. | 9 views

SenseLive X3050 Access Control Error Vulnerability

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has an access control vulnerability, which stems from the exposure of management protocols via the discovery function. This vulnerability could allo...

CVSS 8.7 | AI score 5.8 | EPSS 0.00462
Exploits 0 | References 1
CNNVD
added 2026/04/23 12:0 a.m. | 10 views

Microsoft Partner Center Access Control Error Vulnerability

Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...

CVSS 9.6 | AI score 5.8 | EPSS 0.00389
Exploits 0 | References 2
EUVD
added 2026/04/21 6:16 p.m. | 4 views

EUVD-2026-24235

Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attachments from other tickets by changing the attachment ID. This can expose sensitive support files an...

CVSS 7.1 | AI score 5.8 | EPSS 0.00207
Exploits 0 | References 1
CNNVD
added 2026/04/21 12:0 a.m. | 11 views

NVIDIA KAI Scheduler Access Control Error Vulnerability

NVIDIA KAI Scheduler is an AI-based computing task scheduling system developed by NVIDIA Corporation. NVIDIA KAI Scheduler has a vulnerability related to access control, which stems from unauthorized access to API endpoints, potentially leading to information leakage...

CVSS 7.7 | AI score 5.8 | EPSS 0.00235
Exploits 0 | References 1
ATTACKERKB
added 2026/04/15 10:21 a.m. | 2 views

CVE-2026-40730

Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGrill Demo Importer: from n/a through = 2.0.0.6...

AI score 5.8 | EPSS 0.00195
Exploits 0 | References 2
ATTACKERKB
added 2026/04/15 8:18 a.m. | 8 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

CVSS 8.1 | AI score 5.8 | EPSS 0.00325
Exploits 0 | References 2
Positive Technologies
added 2026/04/15 12:0 a.m. | 6 views

PT-2026-33014

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

CVSS 8.1 | AI score 5.8 | EPSS 0.00325
Exploits 0 | References 1
CNNVD
added 2026/04/15 12:0 a.m. | 8 views

WordPress plugin ThemeGrill Demo Importer Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.8 | EPSS 0.00195
Exploits 0 | References 1