
78 matches found

Positive Technologies
added 5 days ago

PT-2026-53926

Name of the Vulnerable Software and Affected Versions: RuoYi-Vue-Plus versions prior to 5.6.3. Description: The software exposes workflow task management endpoints under '/workflow/task' (FlwTaskController) without proper permission checks. Because the controller lacks class-level or method-level...

CVSS 7.1 | AI score 6 | EPSS 0.00264
Exploits 0 | References 8
NVD
added 2026/06/04 7:16 a.m.

CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...

CVSS 9.4 | EPSS 0.00426
Exploits 0 | References 1
ATTACKERKB
added 2026/06/04 5:28 a.m.

CVE-2026-49190

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions...

CVSS 9.4 | AI score 5.8 | EPSS 0.00426
Exploits 0 | References 2
Veracode
added 2026/05/16 5:04 a.m.

Privilege Escalation

OpenClaw is vulnerable to Privilege Escalation. The vulnerability is due to improper permission enforcement in the gateway plugin HTTP authentication mechanism, where operator.read requests are incorrectly granted operator.write runtime permissions, allowing attackers to perform unauthorized writ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00239
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/05/13 12:00 a.m.

PT-2026-40717

Name of the Vulnerable Software and Affected Versions: Nautobot versions prior to 2.4.33; Nautobot versions prior to 3.1.2. Description: Nautobot is a Network Source of Truth and Network Automation Platform. The REST API fails to enforce user view permissions when creating or updating objects that us...

CVSS 5.4 | AI score 5.8 | EPSS 0.00177
Exploits 0 | References 8
Github Security Blog
added 2026/05/06 8:12 p.m.

phpMyFAQ's Missing Authorization on Tag Deletion Allows Any Authenticated User to Delete Tags

Summary: The TagController::delete endpoint at DELETE /admin/api/content/tags/{tagId} only verifies that the user is logged in (userIsAuthenticated), but does not check any permission. Any authenticated user, including regular non-admin frontend users, can delete any tag by ID. This contrasts with...

AI score 5.8
Exploits 0 | References 2 | Affected Software 2
CNNVD
added 2026/04/22 12:00 a.m.

uutils coreutils security vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from an information leakage race condition. This vulnerability could allow local attackers to open files before permission restrictions are...

CVSS 4.7 | AI score 5.8 | EPSS 0.00091
Exploits 1 | References 1
EUVD
added 2026/04/21 3:32 p.m.

EUVD-2026-24134

In Dolibarr ERP & CRM <= 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...

CVSS 8.8 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 3
NVD
added 2026/04/20 9:16 p.m.

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

CVSS 6.5 | EPSS 0.00231
Exploits 0 | References 3
Positive Technologies
added 2026/04/20 12:00 a.m.

PT-2026-33840

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

CVSS 6.5 | AI score 5.8 | EPSS 0.00231
Exploits 0 | References 5
NVD
added 2026/04/07 6:16 p.m.

CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

CVSS 8.4 | EPSS 0.00127
Exploits 0 | References 3
Cvelist
added 2026/04/07 5:09 p.m.

CVE-2026-22682 OpenHarness Improper Access Control via File Tools

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

CVSS 8.4 | EPSS 0.00127
Exploits 0 | References 3
Tenable Nessus
added 2026/03/18 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-24097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing...

CVSS 5.3 | AI score 5.9 | EPSS 0.00237
Exploits 0 | References 2
OSV
added 2026/03/13 7:54 p.m.

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in the agent-receiver/registerexisting endpoint, which could lead to information disclosure...

CVSS 4.3 | AI score 5.9
Exploits 0 | References 1
UbuntuCve
added 2026/03/13 7:54 p.m.

CVE-2026-24097

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in the agent-receiver/registerexisting endpoint, which could lead to information disclosure...

CVSS 5.3 | AI score 5.9 | EPSS 0.00237
Exploits 0 | References 2
UbuntuCve
added 2026/03/13 7:54 p.m.

CVE-2026-2859

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in the deployagent endpoint, which could lead to information disclosure...

CVSS 6.3 | AI score 5.9 | EPSS 0.0019
Exploits 0 | References 2
Cvelist
added 2026/03/13 9:40 a.m.

CVE-2026-2859 Unauthenticated Host Enumeration via Observable Response Discrepancy on Deploy Agent Endpoint

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in the deployagent endpoint, which could lead to information disclosure...

CVSS 6.3 | EPSS 0.0019
Exploits 0 | References 1
Cvelist
added 2026/03/13 9:40 a.m.

CVE-2026-24097 Authenticated Host Enumeration via Observable Response Discrepancy on Agent Register Existing Endpoint

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in the agent-receiver/registerexisting endpoint, which could lead to information disclosure...

CVSS 5.3 | EPSS 0.00237
Exploits 0 | References 1
Positive Technologies
added 2026/03/13 12:00 a.m.

PT-2026-25169

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows unauthenticated users to enumerate existing hosts by observing different HTTP response codes in the deploy agent endpoint, which could lead to information disclosure...

CVSS 6.3 | AI score 5.8 | EPSS 0.0019
Exploits 0 | References 1
Positive Technologies
added 2026/03/13 12:00 a.m.

PT-2026-25168

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows authenticated users to enumerate existing hosts by observing different HTTP response codes in the agent-receiver/register existing endpoint, which could lead to information disclosur...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 1