219416 matches found
CVE-2026-7251
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...
CVE-2026-44730
OpenCTI (open-source platform for threat intel) has a privilege-escalation vulnerability affecting the GraphQL API prior to version 6.9.7. An organization admin can elevate privileges by adding a user from a different organization with higher privileges to their own organization due to an incorre...
CVE-2026-48899
The CVE-2026-48899 entry concerns Joomla! Core and related sample-data plugins where an improper access check allows privilege escalation via the com_users batch task. The affected surface is core components handling sample data and batch tasks; root cause is insufficient authorization checks ena...
CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
An improper access check allows privilege escalation through the comusers batch task...
CVE-2026-48900
CVE-2026-48900 affects Joomla! Core (com_scheduler). An improper access check allows low-privileged users to edit the task types of existing scheduler tasks, indicating a privilege-escalation in the scheduler component. The CVE details indicate a CVSS v4 score of 6.4 (MEDIUM) with network attack ...
CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
CVE-2026-48898
CVE-2026-48898 affects Joomla! Core via the com_users batch task. The root cause is an improper access check, enabling privilege escalation. Impact is described as high/critical in the provided metrics, with high confidentiality, integrity, and availability implications. The connected sources con...
CVE-2026-46431 Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient ...
CVE-2026-48692
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...
DEBIAN-CVE-2026-48692
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...
CVE-2026-48692
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...
UBUNTU-CVE-2026-48692
FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials src/fastnetmon.cpp line 477 and a source code comment explicitly acknowledges 'Listen on the given address without an...
CVE-2026-9562 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...
CVE-2026-9562 sambitraj STUDENT-MANAGEMENT-SYSTEM Dashboard access control
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such manipulation leads to improper access controls. The attack may be launched remotely. The exploit has...
CVE-2026-9562
CVE-2026-9562 affects Sambitraj STUDENT-MANAGEMENT-SYSTEM, specifically an unknown function in the Dashboard component. The vulnerability is described as enabling improper access controls and may be exploited remotely, with public exploit disclosure. The product uses a rolling release, and no ver...
CVE-2026-43934
CVE-2026-43934 affects the e107 CMS prior to version 2.3.4, where a Broken Access Control existed in the comment edit feature. The issue stems from server-side validation that relied on a predictable identifier in the request and did not verify the editing user’s ownership of the comment, allowin...
CVE-2026-43934
e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...
CVE-2026-43934 e107: Broken Access Control in e107 comment edit allows cross-user comment modification
e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...
CVE-2026-43934 e107: Broken Access Control in e107 comment edit allows cross-user comment modification
e107 is a content management system CMS. Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends...