Lucene search
K

387 matches found

Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.16 views

PT-2026-37299

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An authorization gap exists in the PayPalYPT plugin where the endpoint 'plugin/PayPalYPT/agreementCancel.json.php' cancels a PayPal billing agreement using an attacker-supplied agreement parameter...

4.2CVSS5.8AI score0.00167EPSS
Exploits0References7
NVD
NVD
added 2026/05/04 2:16 p.m.29 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS0.00397EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36161

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affect...

8.1CVSS5.3AI score0.00232EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/23 3:54 a.m.7 views

EUVD-2026-25186

Froxlor is open source server administration software. Prior to version 2.3.6, in EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to...

5CVSS5.8AI score0.00231EPSS
Exploits1References3
OSV
OSV
added 2026/04/21 3:20 p.m.46 views

GHSA-665X-PPC4-685W OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...

5.4CVSS5.7AI score0.00176EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/21 3:20 p.m.12 views

OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...

5.4CVSS5.7AI score0.00176EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33802

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant Summary The shared wishlist add-to-cart endpoint authorizes access with a public sharing code, but loads the acted-on wishlist item by a separate global wishlist item id and...

5.3CVSS5.7AI score0.00176EPSS
Exploits1References7
CVE
CVE
added 2026/04/17 11:51 p.m.15 views

CVE-2026-40337

The Sentry kernel vulnerability (CVE-2026-40337) affects tasks with DEV/IO capabilities that can interact with another task’s IRQ line via the _sys_int * syscall family. Before version 0.4.7, this enables DoS and covert-channels to the outside world. A patch exists in 0.4.7; workaround: limit DEV...

5.1CVSS5.8AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/17 11:51 p.m.38 views

CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation

The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall familly. Prior to version 0.4.7, this can lead to DoS and...

5.1CVSS0.00155EPSS
Exploits0References3
NVD
NVD
added 2026/04/17 10:16 p.m.6 views

CVE-2026-40304

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

5.3CVSS0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/17 9:4 p.m.3 views

CVE-2026-40304

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

5.3CVSS5.7AI score0.00286EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/17 9:4 p.m.14 views

CVE-2026-40304

CVE-2026-40304 affects the zrok controller, where the unaccess handler (controller/unaccess.go) uses a faulty ownership guard. If a frontend record has environment_id = NULL (global admin-created frontends), the guard may short-circuit to false, letting a non-admin with a valid global frontend to...

5.3CVSS5.7AI score0.00286EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/17 3:31 p.m.42 views

Mattermost doesn't validate whether users were correctly owned by the correct Connected Workspace

Mattermost versions 10.11.x = 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Workspaces feature to change the displayed status of local users via the Connected Workspaces API...

2.7CVSS5.3AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/13 7:31 p.m.2 views

GHSA-P5W6-75F9-CC2P Note Mark has Broken Access Control on Asset Download

Summary A broken access control vulnerability allows unauthenticated users to retrieve note assets directly from the asset download endpoint when they know both the note UUID and asset UUID. This exposes the full contents of private note assets without authentication, even when the associated boo...

5.9CVSS5.8AI score0.00409EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 7:24 p.m.3 views

CVE-2026-4057

The Download Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the makeMediaPublic and makeMediaPrivate functions in all versions up to, and including, 3.3.51. This is due to the functions only checking for editposts capability...

4.3CVSS5.8AI score0.00373EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.5 views

CVE-2026-32894

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/11 1:25 a.m.3 views

CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References5
NVD
NVD
added 2026/04/10 9:16 p.m.4 views

CVE-2026-40252

FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability IDOR/BOLA allows any authenticated team to access and execute applications belonging to other teams by supplying a foreign appId. While the API correctly validates the team token, it does not verify...

8.1CVSS0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 5:48 p.m.17 views

CVE-2026-32930

Chamilo LMS -- IDOR in the gradebook evaluation edit page affects prior to 1.11.38 and 2.0.0-RC.3. Authenticated teachers could view and modify evaluation settings (name, max score, weight) for other courses by manipulating the editeval GET parameter. The issue is fixed in 1.11.38 and 2.0.0-RC.3....

7.1CVSS5.8AI score0.00193EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder