Lucene search
K

80 matches found

RedHat Linux
RedHat Linux
added 5 days ago5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51620

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.5.0 Description A missing authorization issue allows a user with permissions to edit other users to reset the two-factor authentication 2FA of a superadmin. Recommendations Update to version 8.5.0...

5.8CVSS5.9AI score0.00019EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 5:7 p.m.9 views

DRUPAL-CONTRIB-2026-043

This module integrates the Tagify JavaScript library to enhance entity reference selection in entity reference widgets. The module does not properly sanitise the name of parent taxonomy terms when rendering suggestions in the Tagify dropdown. This results in a cross-site scripting vulnerability...

5.6AI score
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 a.m.11 views

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

5.3CVSS0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.10 views

PT-2026-47743

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users can move records to a different page even if they lack the necessary edit permissions on the source page. Recommendations Update TYPO3...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References9
NVD
NVD
added 2026/06/08 5:16 p.m.17 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:41 p.m.27 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42839

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

4.8CVSS5.6AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46858

Summary AVideo stores category descriptions from user input and later renders category description as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page...

5.4CVSS5.9AI score0.00162EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.13 views

CVE-2026-48810

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 7:48 p.m.27 views

CVE-2026-48810

FreeScout (Laravel PHP) contains a vulnerability where ThreadPolicy::edit allows a user with PERM_EDIT_CONVERSATIONS who created a message in Mailbox A to rewrite the thread after being removed from the mailbox, due to a missing mailbox membership check (the same issue observed in ThreadPolicy::d...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 7:48 p.m.9 views

CVE-2026-48810 FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 7:29 p.m.15 views

EUVD-2026-31962

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contained security vulnerabilities. These vulnerabilities stemmed from the API controller, which only removed the superuser key from the permission array, potentially...

8.8CVSS5.8AI score0.00314EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/18 6:53 a.m.39 views

CVE-2026-3637 Mattermost fails to enforce create_post permission when editing posts

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS0.00152EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 9:31 p.m.8 views

GHSA-P26V-FX3X-R2RP Duplicate Advisory: phpMyFAQ's Missing CONFIGURATION_EDIT Permission Check on 12 Admin API Configuration Tab Endpoints Allows Information Disclosure by Any Authenticated User

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pqh6-8fxf-jx22. This link is maintained to preserve external references. Original Description phpMyFAQ before 4.1.2 contains missing permission checks in ConfigurationTabController.php where 12 endpoints use...

5.3CVSS5.3AI score0.00221EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 7:17 p.m.21 views

CVE-2026-46360

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

5.4CVSS0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 9:16 p.m.14 views

CVE-2026-45708

CubeCart is an ecommerce software solution. Prior to 6.7.3, an admin with documents edit permission can save raw into the Invoice Editor. The next time any admin clicks Print on any order, the rendered template is written to files/print..php. files/.htaccess ships an explicit allow from all...

7.2CVSS0.00306EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:30 a.m.12 views

EUVD-2026-28495

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with th...

3.3CVSS5.8AI score0.00247EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/08 3:30 a.m.8 views

CVE-2026-41498 Kimai: Team API Missing Object-Level Authorization

Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with th...

3.3CVSS5.7AI score0.00247EPSS
Exploits1References2
Rows per page
Query Builder