Lucene search
K

14 matches found

NVD
NVD
added 2026/04/01 11:15 a.m.6 views

CVE-2026-24096

Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 beta before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information...

8.8CVSS0.00236EPSS
Exploits0References1
Veracode
Veracode
added 2025/09/25 5:30 a.m.6 views

Improper Access Control

contao/contao is vulnerable to Improper Access Control. The vulnerability is due to insufficient permission validation in certain conditions, which allows an attacker to edit fields of pages and articles without the necessary permissions...

4.3CVSS6.9AI score0.00225EPSS
Exploits0References5Affected Software2
Veracode
Veracode
added 2025/05/05 2:15 a.m.10 views

Improper Authorization

github.com/mattermost/mattermost-server is vulnerable to improper authorization. The vulnerability is due to insufficient permission validation for the API endpoint /plugins/playbooks/api/v0/signal/keywords/ignore-thread, allowing any user or attacker to delete posts created by the Playbooks bot...

4.3CVSS6.6AI score0.0023EPSS
Exploits0References4Affected Software2
RedhatCVE
RedhatCVE
added 2025/02/05 3:57 a.m.10 views

CVE-2024-27923

Grav is a content management system CMS. Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...

8.8CVSS7.6AI score0.01357EPSS
Exploits1References1
Veracode
Veracode
added 2024/12/13 5:28 a.m.11 views

Improper Permission Validation

github.com/goharbor/harbor is vulnerable to Improper Permission Validation. The vulnerability is due to insufficient permission validation when processing requests to update p2p preheat policies, allowing attackers to modify policies in projects they do not have access to...

7.7CVSS7AI score0.00296EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/03/21 2:52 a.m.41 views

CVE-2024-27923

Grav is a content management system CMS. Prior to version 1.7.43, users who may write a page may use the frontmatter feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue...

8.8CVSS9AI score0.01357EPSS
Exploits1References2
Veracode
Veracode
added 2024/03/07 10:30 a.m.14 views

Insufficient Permission Validation

getgrav/grav is vulnerable to Insufficient Permission Validation. The vulnerability is due to enabling regular users with page creation privileges to access the Frontmatter feature when the datajsonheaderform parameter is included in the POST body while creating a page. The vulnerability is also...

8.8CVSS7.4AI score0.01357EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/12/21 3:15 p.m.6 views

CVE-2023-7047

Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. This affects only SQL dat...

4.4CVSS5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2023/12/11 1:58 p.m.46 views

CVE-2023-6186

An insufficient permission validation vulnerability was found in LibreOffice. In versions that support running commands in hyperlinks, an attacker can execute built-in macros without warning the user...

8.3CVSS8.4AI score0.00772EPSS
Exploits0References4
NVD
NVD
added 2023/12/11 12:15 p.m.22 views

CVE-2023-6186

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...

8.8CVSS0.00772EPSS
Exploits0References4
Prion
Prion
added 2023/10/30 7:15 a.m.15 views

Input validation

In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files...

7.5CVSS9.4AI score0.00268EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/30 6:17 a.m.18 views

CVE-2023-45799 MLSoft TCO!stream Remote Code Execution Vulnerability

In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files...

7.2CVSS9.7AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.3 views

PT-2023-16651 · Bhima · Bhima

Name of the Vulnerable Software and Affected Versions: Bhima version 1.27.0 Description: The application is vulnerable to IDOR, which allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the...

6.5CVSS6.8AI score0.00669EPSS
Exploits1References7
Cvelist
Cvelist
added 2022/03/02 9:20 p.m.23 views

CVE-2021-46270

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation...

2.7CVSS3.9AI score0.00631EPSS
Exploits0References2
Rows per page
Query Builder