Lucene search

182 matches found

EUVD
added 2026/05/19 1:23 p.m. | 17 views

EUVD-2025-209895

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5 CVSS | 5.8 AI score | 0.00186 EPSS
Exploits 0 | References 1

NVD
added 2026/05/18 5:16 p.m. | 19 views

CVE-2026-41085

Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...

8.8 CVSS | 0.0026 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/05/18 12:0 a.m. | 6 views

CVE-2026-41085

Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...

5.8 AI score | 0.0026 EPSS
Exploits 0 | References 2

CNNVD
added 2026/05/12 12:0 a.m. | 5 views

Subnet Solutions PowerSYSTEM Center Security Vulnerability

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which allows authenticated users with limited privileges to perform unauthorized project group deletions...

7 CVSS | 5.8 AI score | 0.00154 EPSS
Exploits 0 | References 1

CVE
added 2026/04/27 6:10 p.m. | 18 views

CVE-2026-25908

Affected product: Dell Alienware Command Center (AWCC). Versions prior to 6.13.8.0 are vulnerable to an Execution with Unnecessary Privileges flaw that can allow a local, low-privilege attacker to achieve Elevation of Privileges. Several connected sources corroborate the issue and reference the D...

7.8 CVSS | 5.3 AI score | 0.00093 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2026/04/08 4:41 p.m. | 36 views

CVE-2026-33461

Kibana Fleet contains an Incorrect Authorization (CWE-863) flaw that allows a user with limited Fleet privileges to call an internal API endpoint and obtain full configuration objects, bypassing authorization checks in the dedicated settings APIs. The endpoint assembles a response by fetching com...

7.7 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/04/08 4:41 p.m. | 3 views

CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...

7.7 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 0 | References 1

EUVD
added 2026/03/30 6:31 p.m. | 4 views

EUVD-2026-17115

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6 CVSS | 5.9 AI score | 0.00203 EPSS
Exploits 0 | References 2

NVD
added 2026/03/30 4:16 p.m. | 8 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6 CVSS | 0.00203 EPSS
Exploits 0 | References 1

OSV
added 2026/03/30 4:16 p.m. | 2 views

UBUNTU-CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6 CVSS | 5.8 AI score | 0.00203 EPSS
Exploits 0 | References 3

UbuntuCve
added 2026/03/30 4:16 p.m. | 7 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6 CVSS | 5.9 AI score | 0.00203 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/03/30 3:28 p.m. | 4 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6 CVSS | 5.9 AI score | 0.00203 EPSS
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/03/30 3:28 p.m. | 27 views

CVE-2026-5170

CVE-2026-5170 – summary: MongoDB Server is affected by a vulnerability where a user with limited privileges can cause a mongod crash during the window when a cluster is promoted from a replica set to a sharded cluster, resulting in a denial of service on the primary. Affected versions are MongoD...

6 CVSS | 5.9 AI score | 0.00203 EPSS
Exploits 0 | References 1 | Affected Software 1

FreeBSD
added 2026/03/30 12:0 a.m. | 6 views

MongoDB Server -- CWE-617: Reachable Assertion

https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...

6 CVSS | 5.9 AI score | 0.00203 EPSS
Exploits 0 | References 1

CVE
added 2026/03/10 8:26 a.m. | 7 views

CVE-2025-41710

CVE-2025-41710 describes an unauthenticated remote access issue where an attacker may use hard-coded credentials to reach a previously activated FTP server with limited read/write privileges. The CVSSv3.1 base score is 6.5 (Medium) with network attack vector, low attack complexity, and no user in...

6.5 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits 0 | References 4

Cvelist
added 2026/03/10 8:26 a.m. | 25 views

CVE-2025-41710 Use of Hard-coded Credentials in power analyzer

An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges...

6.5 CVSS | 0.00387 EPSS
Exploits 0 | References 4

Vulnrichment
added 2026/03/10 8:26 a.m. | 2 views

CVE-2025-41710 Use of Hard-coded Credentials in power analyzer

An unauthenticated remote attacker may use hard-coded credentials to get access to the previously activated FTP Server with limited read and write privileges...

6.5 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits 0 | References 4

UbuntuCve
added 2026/02/25 9:16 p.m. | 8 views

CVE-2026-1747

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

4.3 CVSS | 5.9 AI score | 0.00229 EPSS
Exploits 0 | References 4

OSV
added 2026/02/25 9:16 p.m. | 4 views

UBUNTU-CVE-2026-1747

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

4.3 CVSS | 5.8 AI score | 0.00229 EPSS
Exploits 0 | References 5

Positive Technologies
added 2026/02/10 12:0 a.m. | 7 views

PT-2026-7258

Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to 4.0 SP2. Description: The application allows unauthorized modification of a configuration file by a user with limited privileges. This could enable an attacker to load malicious DLLs, potentially resulting in arbitrar...

8.5 CVSS | 6.2 AI score | 0.00238 EPSS
Exploits 0 | References 8