2215 matches found
CVE-2026-16072
A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface...
CVE-2026-15379
The Altiris WMI provider exposes a class AltirisAgentStream that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries...
CVE-2026-15379 Arbitrary File Read as SYSTEM in Symantec ITMS
The Altiris WMI provider exposes a class AltirisAgentStream that allows any local standard user to read the contents of any file accessible to the SYSTEM account, bypassing filesystem ACLs. No admin privileges required. The provider reverts to the LocalSystem context when servicing WMI queries...
Symfony HttpFoundation - Access Control Bypass via PATH_INFO
Symfony HttpFoundation component = 2.0.0 and prior to versions 5.4.50, 6.4.29, and 7.3.7 contains an access control bypass vulnerability. The Request class improperly interprets some PATHINFO values, producing URL paths without a leading /. This allows bypassing access control rules that are buil...
EUVD-2026-45007
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions...
EUVD-2026-44960
Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level ReadPacket privileges when a request omitted specific packet names: with an empty name list the...
CVE-2026-46485 Dash: Users can write to config despire permissions (OIDC tested)
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized...
CVE-2026-62947 OpenWrt: ACL bypass and arbitrary root file read via cgi-io cgi-download
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...
CVE-2026-62947
CVE-2026-62947 affects OpenWrt prior to 25.12.5 through the cgi-download handler in cgi-io, where the requested path is validated against the caller’s ubus session file ACL before canonicalization. The rpcd session.c uses fnmatch() without FNM_PATHNAME, enabling traversal such as an allowed wildc...
CVE-2026-58408
ChurchCRM is an open-source church management system. Prior to version 7.4.0, a low-privileged user can bypass the /admin/export UI and exfiltrate the entire member directory. The POST /CSVCreateFile.php endpoint generates and streams a CSV containing the full Personally Identifiable Information...
CVE-2026-57774
Missing Authorization vulnerability in vowelweb VW Food Corner vw-food-corner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Food Corner: from n/a through = 1.1.0...
CVE-2026-57412
The CVE-2026-57412 entry concerns the WordPress Gift Vouchers plugin (versions up to 4.6.9). The vulnerability is described as a Missing Authorization issue caused by Incorrectly Configured Access Control Security Levels, i.e., a Broken Access Control vulnerability. Affected component: gift-vouch...
CVE-2026-57694 WordPress Tutor LMS plugin <= 3.9.13 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...
CVE-2026-57364
The CVE-2026-57364 entry concerns the WordPress plugin WordPress Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More (better-payment) up to version 2.2.0. It describes improper validation of a specified quantity in input, leading to access to functionality not prop...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
EUVD-2026-42781
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54423
OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...
CVE-2026-59225 Open WebUI: Arena task endpoints can bypass underlying model access controls
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...
CVE-2026-61474 MISP: Improper sharing group authorization check when adding attributes
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...
CVE-2026-61474
An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...