Lucene search
K

171 matches found

Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.12 views

PT-2026-55549

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue in the administrative interface occurs when Fine-Grained Admin Permissions FGAP v2 are enabled. An administrator with permission to view a specific role can access a list of all...

4.3CVSS6.1AI score0.00172EPSS
Exploits0References6
NVD
NVD
added 2026/06/30 11:17 p.m.10 views

CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8CVSS0.00325EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.4 views

CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

8.8CVSS5.8AI score0.00325EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 10:8 p.m.24 views

CVE-2026-57995

phpMyFAQ

8.8CVSS5.8AI score0.00325EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54050

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.1.5 Description An issue exists in the updatePermissions function within the GroupController that allows administrators with GROUP EDIT privileges to grant arbitrary rights to groups without verifying if they posse...

8.8CVSS6.2AI score0.00325EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52204

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.6 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description An authorization bypass exists that allows an authenticated user to read or modify the virtual registry cleanup...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References7
Veracode
Veracode
added 2026/06/19 11:22 a.m.11 views

Information Disclosure

Keycloak is vulnerable to Information Disclosure. The vulnerability is due to insufficient enforcement of user profile permissions in the group members endpoint, allowing an administrator with delegated access to read group memberships and users to view user attributes that are explicitly...

2.7CVSS5.8AI score0.00348EPSS
Exploits0References7Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6341

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42827

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions 2026.2.0-rc1 through 2026.2.2 Description The 'PATCH /api/v3/core/users/pk/' API allows a caller with change user permissions on a target user to assign arbitrary groups via...

8.1CVSS6AI score0.00535EPSS
Exploits0References10
NVD
NVD
added 2026/05/18 8:16 a.m.12 views

CVE-2026-6341

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS0.00152EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 7:5 a.m.17 views

EUVD-2026-30746

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2026/04/17 9:16 p.m.9 views

CVE-2026-40196

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

8.1CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 11:17 p.m.7 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

2.7CVSS0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2026/03/23 4:28 p.m.13 views

CVE-2026-33501

Summary (CVE-2026-33501 in WWBN AVideo) : Versions up to 26.0 expose an unauthenticated information disclosure via the Permissions plugin. The endpoint plugin/Permissions/View/Users_groups_permissions/list.json.php returns the full users_groups_permissions table without any authentication/authori...

5.3CVSS5.7AI score0.0043EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/20 8:57 p.m.9 views

AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin

Summary The endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user groups to plugins. All sibling endpoints in the same directory add.json.php,...

5.3CVSS5.9AI score0.0043EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.6 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.26 contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the Signal group permission list policy, which could allow unauthorized acce...

4.6CVSS5.8AI score0.00152EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/16 3:30 p.m.7 views

EUVD-2017-18930

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS6.2AI score0.00141EPSS
Exploits1References8
CVE
CVE
added 2026/03/15 6:34 p.m.8 views

CVE-2017-20218

CVE-2017-20218 affects Serviio PRO 1.8 on Windows. The vulnerability is twofold: (1) an unquoted search path in the Windows service allows local attackers to run arbitrary code with elevated privileges by dropping malicious executables in the system root, and (2) overly permissive directory ACLs ...

8.5CVSS6.2AI score0.00141EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/02/26 9:23 p.m.8 views

CVE-2026-28218

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

5.4CVSS6AI score0.00151EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder