Lucene search

370 matches found

RedhatCVE
added 3 days ago, 5 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5, AI score 5.4, EPSS 0.00005
Exploits: 0, References: 1

Vulnrichment
added 2026/05/29 6:15 p.m., 11 views

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

CVSS 7.6, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 1

CVE
added 2026/05/29 6:15 p.m., 12 views

CVE-2026-49374

CVE-2026-49374 affects JetBrains TeamCity before 2026.1, where improper permission checks exposed build configuration parameters. The CVSS 3.1 base score is 7.6 (HIGH) with Network attack vector, Low attack complexity, Privileges Required: LOW, and UI none. Impact: Confidentiality HIGH, Integrity...

CVSS 7.6, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/05/29 6:15 p.m., 28 views

CVE-2026-49374

In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters...

CVSS 7.6, EPSS 0.00005
Exploits: 0, References: 1

Cvelist
added 2026/05/27 2:39 p.m., 37 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

CVSS 7.1, EPSS 0.00043
Exploits: 0, References: 1

CNNVD
added 2026/05/27 12:0 a.m., 5 views

kvf-admin security vulnerability

kvf-admin is a set of rapid development frameworks, scaffolding, backend management systems, and permission systems developed by KalvinGit’s individual developers. Version 1.1.0 of kvf-admin contains a security vulnerability. This vulnerability stems from improper permission settings in the...

CVSS 8.8, AI score 5.8, EPSS 0.00087
Exploits: 0, References: 2

Redos
added 2026/05/24 12:0 a.m., 6 views

ROS-20260524-73-0047

Vulnerability in grafana related to improper saving of permissions. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 7.6, AI score 6.8, EPSS 0.00154
Exploits: 0

CNNVD
added 2026/05/20 12:0 a.m., 4 views

Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component security vulnerability

The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...

CVSS 7.2, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 1

CNNVD
added 2026/05/18 12:0 a.m., 4 views

Mattermost Plugins security vulnerability

Mattermost Plugins is a plugin provided by the American company Mattermost, offering powerful feature extensions and tight integration with servers and network/desktop applications. Versions 11.5, 11.1.5, 10.13.11, and 11.3.4.0 of Mattermost Plugins contain security vulnerabilities. These...

CVSS 6.5, AI score 5.8, EPSS 0.00035
Exploits: 0, References: 1

Cvelist
added 2026/05/13 4:56 a.m., 32 views

CVE-2026-21022

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVSS 6.9, EPSS 0.00015
Exploits: 0, References: 1

CNNVD
added 2026/05/13 12:0 a.m., 5 views

SAMSUNG SMR security vulnerability

SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities, which were caused by improper handling of insufficient permissions. Thes...

CVSS 6.9, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 1

Github Security Blog
added 2026/05/08 8:17 p.m., 11 views

Wagtail has improper permission handling when comparing revisions

Impact: A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches: Patched versions have been released as Wagtail 7.0...

CVSS 6.5, AI score 5.8, EPSS 0.00033
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2026/05/06 5:5 p.m., 5 views

NPM: Auth.js SDK has Improper Permission Checking

NPM: Auth.js SDK has Improper Permission Checking vulnerability discovered by ? in WordPress Npm auth0-js versions >= 8.11.0, <= 9.32.0...

AI score 5.8, EPSS 0.00043
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/05/05 12:0 a.m., 4 views

runZero Platform security vulnerability

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to v4.0.260416.0 contained security vulnerabilities. These vulnerabilities were due to improper permission management, which could allow dashboard...

CVSS 5, AI score 5.8, EPSS 0.00032
Exploits: 0, References: 1

CNNVD
added 2026/04/15 12:0 a.m., 7 views

AVEVA Pipeline Simulation security vulnerability

AVEVA Pipeline Simulation is a pipeline simulation software developed by AVEVA, a British company. AVEVA Pipeline Simulation has a security vulnerability. This vulnerability stems from improper permission verification, which may allow unverified attackers to perform privileged operations, resulti...

CVSS 9.3, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 1

CNNVD
added 2026/04/15 12:0 a.m., 6 views

Lenovo Software Fix security vulnerability

Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification. This vulnerability may allow locally authenticated users to execute arbitrary code with elevated privileges...

CVSS 8.5, AI score 6.2, EPSS 0.00012
Exploits: 0, References: 1

CNNVD
added 2026/04/15 12:0 a.m., 5 views

Lenovo Software Fix security vulnerability

Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification during the installation process. This vulnerability may allow locally authenticated users to execute write...

CVSS 6.6, AI score 5.9, EPSS 0.00017
Exploits: 0, References: 1

EUVD
added 2026/04/13 6:30 a.m., 1 views

EUVD-2026-21791

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 6.9, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 2

NVD
added 2026/04/13 4:16 a.m., 1 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 7.5, EPSS 0.00005
Exploits: 0, References: 1

Vulnrichment
added 2026/04/13 3:53 a.m., 3 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS 6.9, AI score 5.8, EPSS 0.00005
Exploits: 0, References: 1