Lucene search
K

170 matches found

CVE
CVE
added 2 days ago8 views

CVE-2026-9820

Mattermost versions 11.7.x <= 11.7.2 and 10.11.x

3.8CVSS6.1AI score0.00152EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 2:13 p.m.4 views

PYSEC-2026-737 SSRF attacks via tracebacks in Plone

Plone before 5.2.3 allows SSRF attacks via the tracebacks feature only available to the Manager role...

8.8CVSS5.9AI score0.01066EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-736 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
NVD
NVD
added 2026/06/30 7:16 a.m.12 views

CVE-2026-9576

The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...

4.9CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 1:37 p.m.37 views

CVE-2026-8074 Improper Permission Check Allows User Manager to Deactivate Bot Accounts

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write access but no Integrations access to deactivate bot accounts via the PUT /api/v4/users/id/active API...

3.8CVSS0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-41225

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

9.1CVSS5.7AI score0.00272EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42406

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.7AI score0.0015EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39459

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.6CVSS5.6AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 3:39 p.m.28 views

CVE-2026-27768

SQL Injection affecting the Access Manager role...

6.6CVSS0.0034EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 3:39 p.m.41 views

CVE-2026-27768

CVE-2026-27768 is a SQL Injection vulnerability affecting the Access Manager role. The CVSS 3.1 vector (NETWORK, HIGH complexity, HIGH privileges required, NONE user interaction) yields a base score of 6.6 (MEDIUM). The provided documents do not specify affected products/versions beyond attributi...

6.6CVSS5.9AI score0.0034EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 3:39 p.m.12 views

EUVD-2026-31705

SQL Injection affecting the Access Manager role...

6.6CVSS5.9AI score0.0034EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.35 views

F5 Networks BIG-IP : iControl REST vulnerability (K000160916)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160916 advisory. A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at leas...

9.1CVSS6AI score0.00272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.15 views

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160863)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.2 / 17.5.1.6 / 21.0.0.2. It is, therefore, affected by a vulnerability as referenced in the K000160863 advisory. A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticat...

8.6CVSS5.8AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.8 views

CVE-2026-31069

BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...

6.1AI score0.00365EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.15 views

EUVD-2026-29986

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

9.1CVSS5.9AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-29961

A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.7CVSS5.9AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2026-29968

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.6CVSS5.9AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2026-41225

A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

9.1CVSS0.00272EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.11 views

CVE-2026-39459

A vulnerability exists in iControl REST and the TMOS Shell tmsh where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands. Note: Software versions which have reached End of Technical Support EoTS are not...

8.6CVSS0.00257EPSS
Exploits0References1
Rows per page
Query Builder