Lucene search
K

41 matches found

Vulnrichment
Vulnrichment
added 2026/07/06 4:13 p.m.6 views

CVE-2026-40141 High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score0.00478EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.5 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-55953

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.26 views

Broadcom Symantec Endpoint Protection CleanWipe Removal Tool 权限许可和访问控制问题漏洞

The Broadcom CleanWipe Removal Tool is an enterprise-level security software uninstallation tool developed by Broadcom Corporation. Versions of the Broadcom CleanWipe Removal Tool prior to version 16.0.0.65 contained security vulnerabilities. These vulnerabilities could allow attackers with limit...

5.4CVSS5.8AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:2 p.m.37 views

CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS0.00135EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center. This vulnerability stems from insufficient permission restrictions on the REST API endpoints exported by device accounts. As a...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/31 5:0 p.m.3 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 3:28 p.m.1 views

CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/30 3:28 p.m.24 views

CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS0.00203EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/03/30 3:28 p.m.11 views

Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.2AI score0.00203EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.5 views

PT-2026-29047

Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 8.2.2 MongoDB Server versions 8.0.18 through 8.0.18 MongoDB Server versions 7.0.31 through 7.0.31 Description A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...

6CVSS5.9AI score0.00203EPSS
Exploits0References15
Veracode
Veracode
added 2026/02/03 9:39 a.m.9 views

Information Disclosure

Keycloak is vulnerable to sensitive Information Disclosure. The vulnerability is due to insufficient enforcement of User Profile visibility controls in the Admin API, where a limited-privilege administrator can access sensitive custom user attributes via the /unmanagedAttributes endpoint, bypassi...

2.7CVSS5.5AI score0.00364EPSS
Exploits0References7Affected Software2
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.29 views

PT-2026-1876

Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...

5.4CVSS6.9AI score0.00195EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

FreeBSD : MongoDB -- Missing Authorization (eda92945-ced4-11f0-a958-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eda92945-ced4-11f0-a958-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-103582 reports: A user with access to the cluster with a limited...

6.5CVSS5.4AI score0.00192EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/25 5:16 a.m.3 views

CVE-2025-13643 MongoDB Server may allow queries to be terminated by unauthorized users

A user with access to the cluster with a limited set of privilege actions may be able to terminate queries that are being executed by other users. This may cause a denial of service by preventing a fraction of queries from successfully completing. This issue affects MongoDB Server v7.0 versions...

3.1CVSS6.5AI score0.00192EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 8:25 a.m.6 views

EUVD-2025-34553

The Binary MLM Plan plugin for WordPress is vulnerable to limited Privilege Escalation in all versions up to, and including, 3.0. This is due to bmpuser role granting all users with the managebmp capability by default upon registration through the plugin's form. This makes it possible for...

6.5CVSS5.4AI score0.00317EPSS
Exploits0References3
NVD
NVD
added 2025/10/07 1:15 p.m.5 views

CVE-2025-3719

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/o...

8.1CVSS0.0025EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2025/10/07 12:0 a.m.5 views

Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

Summary A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. Impact An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing...

6.5CVSS8.1AI score0.00223EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46781

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27682

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder