Lucene search
K

305 matches found

Snyk
Snyk
added 2026/04/01 9:6 p.m.2 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the test.php endpoint and the retrieveSubscriptions process. An attacker can terminate active Stripe subscriptions belonging to other use...

7.1CVSS5.8AI score0.00281EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 11:37 p.m.1 views

CVE-2026-28786

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an unsanitized filename field in the speech-to-text transcription endpoint allows any authenticated non-admin user to trigger a FileNotFoundError whose message — including th...

4.3CVSS5.8AI score0.00427EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:55 a.m.2 views

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

8.5CVSS6.1AI score0.00145EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.13 views

RATOC RAID Monitoring Manager for Windows 安全漏洞

RATOC RAID Monitoring Manager for Windows is a software developed by RATOC RAID in Japan, designed for monitoring and managing the RAID hard drive boxes it supports. RATOC RAID Monitoring Manager for Windows has a security vulnerability; this vulnerability stems from the installation program’s...

8.5CVSS7.5AI score0.00145EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/03/25 8:26 a.m.6 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability

Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability discovered by shark3y in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.38...

9.1CVSS5.8AI score0.00431EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/24 8:16 p.m.7 views

CVE-2026-33509

pyLoad is a free and open-source download manager written in Python. From version 0.4.0 to before version 0.5.0b3.dev97, the setconfigvalue API endpoint allows users with the non-admin SETTINGS permission to modify any configuration option without restriction. The reconnect.script config option...

8.8CVSS0.00529EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/19 8:27 p.m.22 views

CVE-2026-33304 OpenEMR has Authorization Bypass in Dated Reminders Log

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient...

6.5CVSS0.00312EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 8:27 p.m.5 views

CVE-2026-33304 OpenEMR has Authorization Bypass in Dated Reminders Log

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any authenticated non-admin user to view reminder messages belonging to other users, including associated patient...

6.5CVSS6AI score0.00312EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/01 1:22 a.m.7 views

INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints

Impact An authorization bypass vulnerability was discovered in the administration pages of the tutoring application. When a standard user logged in but without administrator privileges attempts to access a resource under /api/admin/, the system detects the error but does not block the request. As...

6AI score
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/26 5:39 a.m.28 views

CVE-2026-23703

The CVE-2026-23703 entry concerns the FinalCode Client installer from Digital Arts Inc. A flaw in the installer's default permissions allows a non-administrative user to escalate to SYSTEM by exploiting local permission settings (LOCAL, PR:L, UI:N). The issue is confirmed by both the CVE record a...

8.5CVSS5.8AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/02/20 12:16 a.m.5 views

CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

2.7CVSS0.00274EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.10 views

WindMill 信息泄露漏洞

WindMill is a free open-source tool developed by Lukasavicus’ individual developer. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.634.6 contained a vulnerability known as “information leakage,” which occurred because the Slack OAuth client token was...

2.7CVSS5.9AI score0.00274EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/19 11:57 p.m.26 views

CVE-2026-26964 Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, which should only be accessible to workspace administrators. The GET...

2.7CVSS0.00274EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/18 4:45 p.m.7 views

CVE-2026-20141 Improper Access Control in Splunk Monitoring Console App

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

4.3CVSS5.5AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.7 views

Axis Camera Station Pro 安全漏洞

Axis Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in Axis Camera Station Pro, which stems from insecure direct object references. This vulnerability may allow non-administrator users to modify or delete certain data...

5.7CVSS5.8AI score0.00186EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.6 views

Axis Camera Station Pro 安全漏洞

Axis Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in Axis Camera Station Pro, which allows non-administrator users to execute privilege escalation attacks on the server...

7.8CVSS5.9AI score0.00148EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/19 8:47 p.m.7 views

EUVD-2026-3285

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.5AI score0.00196EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/19 8:47 p.m.9 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.4AI score0.00196EPSS
Exploits1References3
OSV
OSV
added 2026/01/19 8:47 p.m.10 views

CVE-2026-23875 CrawlChat's Discord Bot has a Knowledge Permission vulnerability

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.5AI score0.00196EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/19 8:47 p.m.4 views

CVE-2026-23875

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.4AI score0.00196EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder