Lucene search
K

32 matches found

Cvelist
Cvelist
added 2026/06/30 10:8 p.m.23 views

CVE-2026-56249 Capgo - Unauthorized Channel Overwrite and Ownership Takeover via POST /channel Name Collision

Capgo before 12.128.2 contains an authorization bypass vulnerability in the channel creation endpoint that allows authenticated users to overwrite existing channels by reusing their names. Attackers with app.createchannel permission can exploit a logic mismatch between existence validation and...

7.6CVSS0.00257EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:8 p.m.11 views

CVE-2026-56249

Capgo before 12.128.2 has an authorization bypass in the channel creation endpoint that lets authenticated users overwrite existing channels by reusing names. Attackers with app.create_channel permission can exploit a logic mismatch between existence validation and upsert operations to reassign c...

7.6CVSS5.8AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:48 a.m.37 views

CVE-2026-54475 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

0.00589EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 3:52 a.m.34 views

CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron

Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...

7.5CVSS0.00414EPSS
Exploits1References3
NVD
NVD
added 2026/03/21 4:17 a.m.4 views

CVE-2026-3651

The Build App Online plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.23. This is due to the plugin registering the 'build-app-online-update-vendor-product' AJAX action via wpajaxnopriv without proper authentication checks, capability verificatio...

5.3CVSS0.00305EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/19 11:25 a.m.14 views

CVE-2025-10910

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

9.3CVSS6.7AI score0.00358EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-2775

Malware in sbrugna...

7.5CVSS7.6AI score0.01109EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-3366

Malware in sbrugna...

7.5CVSS7.5AI score0.00882EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-14507

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00972EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/07/29 12:0 a.m.20 views

Apache Superset < 4.1.2 Multiple Vulnerabilities

According to its self-reported version, the Apache Superset is prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions...

8.8CVSS8.9AI score0.00972EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:20 a.m.9 views

CVE-2019-15080

An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract which is inherited by MORPH Token allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for...

7.5CVSS7AI score0.01581EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:25 a.m.7 views

CVE-2019-13143

An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the...

9.8CVSS6.6AI score0.03061EPSS
Exploits1References1
OSV
OSV
added 2025/05/16 6:13 a.m.7 views

BIT-SUPERSET-2025-27696 Apache Superset: Incorrect authorization leading to resource ownership takeover

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...

8.8CVSS8.7AI score0.00972EPSS
Exploits0References3
OSV
OSV
added 2025/05/13 9:31 a.m.9 views

GHSA-W6C7-J32F-RQ8J Apache Superset Allows Ownership Takeover

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...

8.8CVSS6.5AI score0.00972EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/05/13 9:31 a.m.14 views

Apache Superset Allows Ownership Takeover

Improper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...

8.8CVSS6.6AI score0.00972EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/05/13 9:15 a.m.27 views

CVE-2025-27696

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...

8.8CVSS0.00972EPSS
Exploits0References2
OSV
OSV
added 2025/05/13 8:21 a.m.4 views

CVE-2025-27696 Apache Superset: Incorrect authorization leading to resource ownership takeover

Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions. This issue affects Apache Superset: through 4.1.1. Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue...

5.3CVSS6.1AI score0.00972EPSS
Exploits0References4
CVE
CVE
added 2025/05/13 8:21 a.m.73 views

CVE-2025-27696

The CVE-2025-27696 entry concerns Apache Superset up to version 4.1.1, where an Incorrect Authorization vulnerability lets authenticated users with read permissions take ownership of dashboards, charts, or datasets. A fix is available in 4.1.2 and later. The public details consistently describe t...

8.8CVSS8.7AI score0.00972EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/11/24 12:0 a.m.18 views

Debian dla-3963 : ansible - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3963 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3963-1 [email protected]...

6.3CVSS6.6AI score0.00269EPSS
Exploits0References6
Amazon
Amazon
added 2023/10/03 12:0 a.m.6 views

Medium: pmix

Issue Overview: OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. CVE-2023-41915 Affected Packages: pmix Issue Correction: Run dnf update pmix --releasever 2023.2.20231002 or...

8.1CVSS8.2AI score0.01121EPSS
Exploits0
Rows per page
Query Builder