Lucene search
+L

3167 matches found

NVD
NVD
added yesterday7 views

CVE-2026-12694

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-12694 Missing Authorization in Vimesoft's Enterprise Video Platform

Missing Authorization vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-12693 IDOR in Vimesoft's Enterprise Video Platform

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.4CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-63097 Dendrite 0.13.8 syncapi /context Endpoint Post-Leave State Exposure

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-7189

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-7189

CVE-2026-7189 affects Proliz OBS prior to v3.6.0. The issue is an insertion of sensitive information into sent data caused by functionality not being properly constrained by ACLs, enabling a network-remote impact with high confidentiality risk and low integrity impact. Affected component: Proliz ...

7.5CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-7189 Sensitive Data Exposure in Proliz's OBS

Insertion of sensitive information into sent data vulnerability in Proliz Software Ltd. Co. Proliz's OBS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Proliz's OBS: before v3.6.0...

7.5CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday82 views

AntD Admin - Sensitive Information Disclosure

AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...

7.5CVSS7.3AI score0.04305EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-60774

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-51083

Proxmox VE is affected: incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users with limited privileges to obtain hashed passwords via the cloudinit/dump API. The root cause is an access-control issue in the cloudinit/dump endpo...

6.5CVSS5.3AI score
Exploits0References1
NVD
NVD
added 2 days ago8 views

CVE-2026-1609

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS0.00506EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago12 views

EUVD-2026-44841

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS6.1AI score0.00506EPSS
Exploits0References4
CVE
CVE
added 3 days ago7 views

CVE-2026-59258

CVE-2026-59258 affects Immich before 3.0.3. A broken access control on PUT /albums/:id/user/:userId lets shared album editors modify member roles, enabling an editor to demote the owner to editor and promote themselves to owner via sequential requests, yielding full control including deletion and...

8.3CVSS6.1AI score0.00315EPSS
Exploits0References5
CVE
CVE
added 3 days ago10 views

CVE-2026-58556

Technical details (affected product/version/root cause/remediation) are not publicly available in the provided documents. Monitor for updates.

5.1CVSS6.1AI score0.0008EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

DNS Client Tampering Vulnerability

Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally...

6.1CVSS6.1AI score0.00279EPSS
Exploits0
NVD
NVD
added 4 days ago6 views

CVE-2026-15389

A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier USID as the sole validation mechanism, without verifying whether that...

8.7CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-57799

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in uxper Nuss nuss allows PHP Local File Inclusion.This issue affects Nuss: from n/a through = 1.3.6...

7.5CVSS0.00496EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-43292

The WP Job Portal WordPress plugin before 2.5.5 does not verify ownership when returning an employer's contact email for a given job, allowing authenticated users with a subscriber-level self-registerable account to read other employers' private account email addresses by enumerating job...

4.3CVSS6.1AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder