Lucene search
K

5692 matches found

Snyk
Snyk
added 5 days ago5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the PUT /api/v2/users/user/password endpoint. An attacker can gain unauthorized access to owner-level accounts by resetting their passwords without knowing the current password, allowing privilege escalation a...

8.6CVSS6AI score0.00615EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-41892

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References2
OSV
OSV
added 5 days ago4 views

BIT-TOMCAT-2026-55956 Apache Tomcat: Security constraints for default servlet ignored method

Improper Authorization vulnerability in Apache Tomcat leads to security constraints specified for the default servlet ignoring any method or method omission configured as part of the constraint. This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.0...

6.5CVSS5.9AI score0.0041EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

BIT-ACTIVEMQ-2026-49877 Apache ActiveMQ: Authenticated web users retain admin access by default in the Web Console

Improper Authorization vulnerability in Apache ActiveMQ. An authenticated low-privilege Web Console user by default can access /admin/ paths in the Web Console. The default Jetty settings incorrectly did not limit those paths to only admins. This issue affects Apache ActiveMQ: before 5.19.8, from...

8.1CVSS5.9AI score0.0051EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-14794 Craft CMS Charts Endpoint ChartsController.php actionGetNewUsersData improper authorization

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS0.00222EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References7Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-14794

Craft CMS vulnerability CVE-2026-14794 affects the Charts Endpoint (ChartsController.php, actionGetNewUsersData). The issue arises from input manipulation of userGroupId causing improper authorization, enabling a remote attack. Affected versions are Craft CMS up to 4.18.0.1; a fix is available in...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2026-14778

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS0.00294EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-55960

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS6.1AI score0.00294EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-14778 SourceCodester Onlne Examination & Learning Management System Enrollment Management ajax_enroll.php improper authorization

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS0.00294EPSS
Exploits0References6
CVE
CVE
added 6 days ago12 views

CVE-2026-14778

The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability is in the Enrollment Management component, specifically the /ajax_enroll.php file, where manipulation of the arguments student_id, schedule_id, or action leads to improper authorization. This all...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-14690

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...

7.5CVSS0.00288EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41716

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...

5.5CVSS5.6AI score0.0023EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-14693 SourceCodester Multi-Vendor Online Grocery Management System Master.php cancel_order improper authorization

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancelorder of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit h...

5.5CVSS0.0023EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-14690 SourceCodester Multi-Vendor Online Grocery Management System Users.php save_users improper authorization

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...

7.5CVSS0.00288EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-41712

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function saveusers of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made availabl...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
CVE
CVE
added 6 days ago18 views

CVE-2026-14690

Affected product: SourceCodester Multi-Vendor Online Grocery Management System 1.0. Vulnerable component: function save_users in classes/Users.php. Root cause: manipulation leads to improper authorization. Impact described: remote exploitation is possible and the exploit has been made publicly av...

7.5CVSS6.8AI score0.00288EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55835

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description Improper authorization occurs in the Enrollment Management component within the /ajax enroll.php endpoint. A remote attacker can manipulate the student id,...

7.5CVSS7.1AI score0.00294EPSS
Exploits0References9
Veracode
Veracode
added last week5 views

Improper Authorization

Craft CMS is vulnerable to Improper Authorization. The vulnerability is due to missing authorization checks when deleting asset folders, where the folder deletion operation does not enforce peer asset delete permissions, allowing low-privilege users to delete assets uploaded by other users in...

7.1CVSS6AI score0.00249EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder