
16 matches found

Vulnrichment
added 2026/05/12 9:2 p.m., 7 views

CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

CVSS 8.4, AI score 5.8, EPSS 0.00135
Exploits 0, References 2
NVD
added 2026/01/15 1:16 p.m., 6 views

CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...

CVSS 6.5, EPSS 0.00284
Exploits 0, References 6
Vulnrichment
added 2026/01/15 1:6 p.m., 3 views

CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...

CVSS 4.3, AI score 6.6, EPSS 0.00284
Exploits 0, References 6
RedhatCVE
added 2026/01/09 12:41 p.m., 6 views

CVE-2023-25195

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3...

CVSS 8.1, AI score 7, EPSS 0.00982
Exploits 0, References 1
IBM Security Bulletins
added 2025/11/21 8:12 p.m., 5 views

Security Bulletin: Terraform state versions can be created by users with specific permissions without sufficient write access

Summary: Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or is auto-applied. This...

CVSS 4.3, AI score 6.5, EPSS 0.00158
Exploits 0, Affected Software 1
NVD
added 2025/11/21 3:15 p.m., 4 views

CVE-2025-13432

Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...

CVSS 4.3, EPSS 0.00158
Exploits 0, References 1
NVD
added 2025/10/23 4:16 a.m., 5 views

CVE-2025-47699

Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical changes to local Morpho devices. This issue affects Command Centre Server: 9.30 prior to...

CVSS 9.9, EPSS 0.00309
Exploits 0, References 1
Cvelist
added 2023/10/19 6:33 p.m., 27 views

CVE-2023-45809 Disclosure of user names via admin bulk action views in wagtail

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...

CVSS 2.7, AI score 4.1, EPSS 0.00454
Exploits 0, References 2
Tenable Nessus
added 2023/08/31 12:0 a.m., 23 views

FreeBSD : py-wagtail -- stored XSS vulnerability (17efbe19-4e72-426a-8016-2b4e001c1378)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 17efbe19-4e72-426a-8016-2b4e001c1378 advisory. - Wagtail is an open source content management system built on Django. Starting in version 1.5 and prio...

CVSS 6.4, AI score 5.7, EPSS 0.00772
Exploits 0, References 3
OSV
added 2023/04/03 5:25 p.m., 51 views

GHSA-5286-F2RF-35C2 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Impact: A stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform...

CVSS 7.5, AI score 5.8, EPSS 0.00772
Exploits 0, References 12
Prion
added 2023/04/03 5:15 p.m., 20 views

Cross site scripting

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

CVSS 4.9, AI score 5.3, EPSS 0.00772
Exploits 0, References 8, Affected Software 1
Cvelist
added 2023/04/03 12:0 a.m., 45 views

CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

CVSS 6.4, AI score 6.3, EPSS 0.00772
Exploits 0, References 8
OSV
added 2023/04/03 12:0 a.m., 39 views

CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...

CVSS 6.4, AI score 5.1, EPSS 0.00772
Exploits 0, References 10
Tenable Nessus
added 2020/04/24 12:0 a.m., 27 views

FreeBSD : Wagtail -- XSS vulnerability (8d85d600-84a9-11ea-97b9-08002728f74c)

Wagtail release notes: CVE-2020-11001: Possible XSS attack via page revision comparison view. This release addresses a cross-site scripting (XSS) vulnerability on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail...

CVSS 6.8, AI score 6.1, EPSS 0.01273
Exploits 1, References 4
Prion
added 2020/04/14 11:15 p.m., 11 views

Cross site scripting

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...

CVSS 3.5, AI score 6.3, EPSS 0.01273
Exploits 1, References 3, Affected Software 1
PyPA
added 2020/04/14 11:15 p.m., 5 views

PYSEC-2020-152

In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XSS) vulnerability exists on the page revision comparison view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft a page revision history that, when...

CVSS 6.8, AI score 5.8, EPSS 0.01273
Exploits 1, References 3, Affected Software 1