14 matches found
CVE-2026-24096
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...
Improper Access Control
contao/contao is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission validation in certain conditions, which allows an attacker to edit fields of pages and articles without the necessary permissions...
Improper Authorization
github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient permission validation for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts created by the Playbooks bot...
CVE-2024-27923
Grav is a content management system CMS. Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...
Improper Permission Validation
github.com/goharbor/harbor is vulnerable to Improper Permission Validation. The vulnerability is due to insufficient permission validation when processing requests to update p2p preheat policies, allowing attackers to modify policies in projects they do not have access to...
CVE-2024-27923
Grav is a content management system CMS. Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...
Insufficient Permission Validation
getgrav/grav is vulnerable to Insufficient Permission Validation. The vulnerability is due to enabling regular users with page creation privileges to access the Frontmatter feature when the datajsonheaderform parameter is included in the POST body while creating a page. The vulnerability is also...
CVE-2023-7047
Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...
CVE-2023-6186
An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
Input validation
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files...
CVE-2023-45799 MLSoft TCO!stream Remote Code Execution Vulnerability
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files...
PT-2023-16651 · Bhima · Bhima
Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The application is vulnerable to IDOR, which allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the...
CVE-2021-46270
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation...