
346 matches found

EUVD
added 6 days ago, 8 views

EUVD-2026-39974

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid 4) and its datahandler's verify_usergroup() unconditionally returns true. An admin holding only the delegated user-management...

CVSS 8.6, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 2
CVE
added 6 days ago, 30 views

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

CVSS 8.6, AI score 5.8, EPSS 0.00272
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/23 10:11 p.m., 5 views

CVE-2026-48493

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5, AI score 5.8, EPSS 0.00182
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/06/20 12:36 p.m., 26 views

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary non-default group...

CVSS 5.9, EPSS 0.0026
Exploits: 0, References: 2
Positive Technologies
added 2026/06/16 12:00 a.m., 30 views

PT-2026-50134

Vulnerable software and affected versions: Gitea (affected versions not specified). Description: a scope escalation issue exists in the web archive download endpoint. A personal access token with any non-repository scope, such as read:issue or read:misc, can be used to download full...

CVSS 5.3, AI score 5.8, EPSS 0.00024
Exploits: 0, References: 8
Vulnrichment
added 2026/06/12 2:27 a.m., 7 views

CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

CVSS 7.2, AI score 7.1, EPSS 0.00299
Exploits: 0, References: 1
CNNVD
added 2026/06/11 12:00 a.m., 17 views

OpenClaw permission and access control vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.20 contain a permission escalation vulnerability, where hooks triggered proxy operations that incorrectly received MCP...

CVSS 8.7, AI score 5.8, EPSS 0.00281
Exploits: 0, References: 2
CNNVD
added 2026/06/11 12:00 a.m., 11 views

OpenClaw authorization vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.7 contain a permission escalation vulnerability in the Matrix allowFrom function, which allowed authenticated accounts to...

CVSS 8.8, AI score 5.8, EPSS 0.00309
Exploits: 0, References: 2
CNNVD
added 2026/06/09 12:00 a.m., 14 views

TYPO3 CMS SQL injection vulnerability

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. TYPO3 CMS versions 14.0.0 through 14.3.3 contain a SQL injection vulnerability. The flaw stems from backend users who hold database table write privileges being able to directly create, update, or...

CVSS 8.7, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 2
Amazon
added 2026/06/08 12:00 a.m., 9 views

Important: kmod-nvidia-open-dkms

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

CVSS 8.8, AI score 6, EPSS 0.00206
Exploits: 0
RedhatCVE
added 2026/06/05 7:27 p.m., 10 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 8.8, AI score 5.5, EPSS 0.00171
Exploits: 0, References: 1
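The CVE-2026-40968 entry describes a worker thread that keeps a denied caller's identity bound and lets the next, unauthenticated request on the same thread inherit it. The following added example is not the affected project's code; it models the pattern with a thread-local context and a single-worker pool so both requests really run on one thread. The token table, method names and ACL are constructed for the example.

```python
"""Thread-bound identity leak across requests (added illustration, not project code).

A gRPC-style server keeps the caller's identity in a thread-local so deeper
code can consult it.  The vulnerable handler binds the identity, returns
early on PERMISSION_DENIED without unbinding it, and does not rebind when
the next request carries no credentials, so that request runs as the
previous caller.  The hardened handler rebinds from the current request's
credentials on every call and clears in a finally block.
"""
import threading
from concurrent.futures import ThreadPoolExecutor

_ctx = threading.local()

# Constructed fixtures: bearer tokens and a per-method allowlist (None = public).
TOKENS = {"tok-alice": "alice"}
ACL = {
    "/admin.Users/Delete": {"root"},    # alice is NOT allowed here
    "/admin.Users/List": {"alice"},     # alice IS allowed here
    "/public.Ping/Ping": None,
}


def _authenticate(metadata: dict):
    """Map the authorization metadata to an identity, or None if absent/invalid."""
    return TOKENS.get(metadata.get("authorization"))


def vulnerable_handle(method: str, metadata: dict):
    """Before: identity is only cleared on the success path."""
    identity = _authenticate(metadata)
    if identity is not None:
        _ctx.identity = identity           # bind to this worker thread
    current = getattr(_ctx, "identity", None)   # stale value survives here
    allowed = ACL.get(method)
    if allowed is not None and current not in allowed:
        return ("PERMISSION_DENIED", current)   # early return: nothing unbinds
    response = ("OK", current)
    _ctx.identity = None                   # only reached when authorized
    return response


def hardened_handle(method: str, metadata: dict):
    """After: rebind from this request's credentials and always clear."""
    _ctx.identity = _authenticate(metadata)
    try:
        current = _ctx.identity
        allowed = ACL.get(method)
        if allowed is not None and current not in allowed:
            return ("PERMISSION_DENIED", current)
        return ("OK", current)
    finally:
        _ctx.identity = None


def run_sequence(handler):
    """Run two requests on the SAME worker thread: alice is denied on Delete,
    then an anonymous caller hits List.  Returns both (status, identity) pairs."""
    with ThreadPoolExecutor(max_workers=1) as pool:
        first = pool.submit(handler, "/admin.Users/Delete",
                            {"authorization": "tok-alice"}).result()
        second = pool.submit(handler, "/admin.Users/List", {}).result()
    return first, second


if __name__ == "__main__":
    print("vulnerable:", run_sequence(vulnerable_handle))
    print("hardened: ", run_sequence(hardened_handle))
```

With the vulnerable handler the anonymous second call succeeds as "alice"; with the hardened one it is denied with no identity. The fix is the pairing of unconditional rebinding at entry with a finally-guarded clear, not either half alone.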
CNNVD
added 2026/06/01 12:00 a.m., 9 views

Nextcloud authorization vulnerability

Nextcloud is an open-source, self-hosted platform for file synchronization, sharing and communication developed by the German company Nextcloud. Versions of Nextcloud prior to 2.7.2 contain an authorization vulnerability stemming from permission escalation, which could...

CVSS 6.5, AI score 5.2, EPSS 0.00358
Exploits: 0, References: 3
NVD
added 2026/05/29 7:16 p.m., 15 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

CVSS 9.9, EPSS 0.00321
Exploits: 0, References: 1
CNNVD
added 2026/05/29 12:00 a.m., 8 views

OpenClaw security vulnerability

OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.12 contain a permission escalation flaw in the Slack plugin approval process, allowing authorized users with exec...

CVSS 4.3, AI score 5.8, EPSS 0.00173
Exploits: 0, References: 2
CNNVD
added 2026/05/29 12:00 a.m., 9 views

rustfs access control vulnerability

RustFS is a high-performance object storage system developed by RustFS. Versions prior to 1.0.0-beta.2 contain an access control vulnerability stemming from improper validation of the PUT /rustfs/admin/v3/import-iam endpoint, allowing users with the ImportIAMAction...

CVSS 9.3, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 1
CNNVD
added 2026/05/26 12:00 a.m., 11 views

Snipe-IT security vulnerability

Snipe-IT is an open-source IT asset/license management system developed by Grokability. Versions of Snipe-IT prior to 8.4.1 contain a vulnerability in the API controller, which only removed the superuser key from the permission array, potentially...

CVSS 8.8, AI score 5.8, EPSS 0.00314
Exploits: 0, References: 3
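Three entries in this listing share one defect: a delegated user-management right lets the caller hand out more than the caller holds. The MyBB entries (EUVD-2026-39974 / CVE-2026-58054) accept any usergroup because verify_usergroup() always returns true, and both Snipe-IT entries (CVE-2026-48493 and the pre-8.4.1 API controller) rely on a denylist that strips only privileged keys. The following added example is not MyBB or Snipe-IT code; it contrasts those two "before" patterns with an allowlist check derived from the grantor's own groups and permissions. The right name users.edit, gid 4 as the Administrators group, and all user fixtures are constructed for the example.

```python
"""Delegated permission assignment: denylist/no-check versus grantor allowlist.

Added illustration, not the projects' code.  Models the pattern behind the
MyBB (usergroup assignment) and Snipe-IT (permission array) entries.
"""
from __future__ import annotations
from dataclasses import dataclass, field

ADMINISTRATORS_GID = 4      # constructed to mirror the "gid 4" in the MyBB entries
EDIT_RIGHT = "users.edit"   # constructed name for the delegated user-management right


@dataclass
class User:
    uid: int
    groups: set = field(default_factory=set)
    permissions: set = field(default_factory=set)


class Forbidden(Exception):
    """Raised when an assignment exceeds what the actor may grant."""


def vulnerable_set_groups(actor: User, target: User, groups: set) -> User:
    """Before (MyBB pattern): the verify step unconditionally passes, so any
    group id in the request, Administrators included, is written."""
    if EDIT_RIGHT not in actor.permissions:
        raise Forbidden("no user-management right")
    target.groups = set(groups)          # verify_usergroup() -> true, nothing checked
    return target


def vulnerable_set_permissions(actor: User, target: User, perms: set) -> User:
    """Before (Snipe-IT pattern): a denylist strips only 'superuser'; 'admin'
    and every other key the caller names pass straight through."""
    if EDIT_RIGHT not in actor.permissions:
        raise Forbidden("no user-management right")
    target.permissions = {p for p in perms if p != "superuser"}
    return target


def hardened_assign(actor: User, target: User, groups=None, perms=None) -> User:
    """After: an actor may only hand out groups and permissions they hold.
    Because the allowlist is derived from the actor, self-edits that try to
    add anything new (actor == target) are rejected without a special case."""
    if EDIT_RIGHT not in actor.permissions:
        raise Forbidden("no user-management right")
    if groups is not None:
        excess = set(groups) - actor.groups
        if excess:
            raise Forbidden(f"cannot grant groups {sorted(excess)}")
    if perms is not None:
        excess = set(perms) - actor.permissions
        if excess:
            raise Forbidden(f"cannot grant permissions {sorted(excess)}")
    # Validate everything before writing anything.
    if groups is not None:
        target.groups = set(groups)
    if perms is not None:
        target.permissions = set(perms)
    return target


def rejected(fn, *args, **kwargs) -> bool:
    """True if fn raises Forbidden; lets callers assert on outcomes."""
    try:
        fn(*args, **kwargs)
    except Forbidden:
        return True
    return False


def demo() -> dict:
    """Constructed scenario: a delegated admin, a real administrator, a victim."""
    delegated = User(uid=10, groups={7}, permissions={EDIT_RIGHT, "users.view"})
    root = User(uid=1, groups={ADMINISTRATORS_GID},
                permissions={EDIT_RIGHT, "admin", "superuser"})
    victim = User(uid=20, groups={7})
    return {
        "vuln_groups": vulnerable_set_groups(
            delegated, User(uid=20, groups={7}), {ADMINISTRATORS_GID}).groups,
        "vuln_perms": vulnerable_set_permissions(
            delegated, User(uid=20), {"admin", "superuser", "assets.create"}).permissions,
        "hard_gid4_by_delegate": rejected(hardened_assign, delegated, victim,
                                          groups={ADMINISTRATORS_GID}),
        "hard_self_grant": rejected(hardened_assign, delegated, delegated,
                                    perms={EDIT_RIGHT, "assets.view"}),
        "hard_within_scope": hardened_assign(delegated, victim,
                                             perms={"users.view"}).permissions,
        "hard_gid4_by_root": hardened_assign(root, victim,
                                             groups={ADMINISTRATORS_GID}).groups,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The "grant only what you hold" rule is one reasonable policy, not the only one; what matters is that the permitted set is computed from the grantor rather than from a list of forbidden keys, so a newly added privilege (or one spelled differently) cannot slip past a denylist.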
Vulnrichment
added 2026/05/25 2:15 p.m., 9 views

CVE-2018-25370 Admidio 3.3.5 Cross-Site Request Forgery via roles_function.php

Admidio 3.3.5 contains a cross-site request forgery vulnerability that allows low-privilege users to increase their permissions by exploiting improper origin checking. Attackers can craft malicious HTML forms targeting roles_function.php with parameters like rol_assign_roles, rol_approve_users, and...

CVSS 6.9, AI score 5.7, EPSS 0.00192
Exploits: 0, References: 4
NVD
added 2026/05/21 10:16 a.m., 12 views

CVE-2026-45254

In the case of the capnet service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit...

CVSS 6.5, EPSS 0.00194
Exploits: 0, References: 1
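The CVE-2026-45254 entry describes a limit-narrowing check in which an operation present in the old limit but omitted from the new one was treated as "allow any" instead of being rejected. The following added example is not the capnet service's code; it models a limit as a mapping from operation name to allowed targets and contrasts the omission-tolerant check with one that rejects it. Operation names, the "*" sentinel and the addresses are constructed for the example.

```python
"""Monotonic limit narrowing: omitted keys must be rejected, not released.

Added illustration, not capnet code.  A limit maps an operation name to the
set of targets it may reach; an operation absent from the limit is
unrestricted.  Narrowing must only ever shrink what is permitted.
"""
from __future__ import annotations

ANY = "*"   # sentinel: operation is unrestricted


class LimitError(ValueError):
    """Raised when a proposed limit is not a narrowing of the current one."""


def _is_subset(new, old) -> bool:
    if old == ANY:
        return True
    if new == ANY:
        return False
    return set(new) <= set(old)


def is_allowed(limit: dict, op: str, target: str) -> bool:
    """Evaluate a limit; an operation the limit does not mention is unrestricted."""
    allowed = limit.get(op, ANY)
    return allowed == ANY or target in allowed


def vulnerable_narrow(old: dict, new: dict) -> dict:
    """Before: only operations named in `new` are compared against `old`.
    An operation the caller omits silently drops out of the resulting limit,
    which is_allowed() then treats as "allow any"."""
    for op, allowed in new.items():
        if not _is_subset(allowed, old.get(op, ANY)):
            raise LimitError(f"{op}: cannot widen")
    return dict(new)


def hardened_narrow(old: dict, new: dict) -> dict:
    """After: every operation the old limit restricts must appear in the new
    one, and each must be a subset of the old.  Omission is a rejection."""
    missing = set(old) - set(new)
    if missing:
        raise LimitError(f"missing operations: {sorted(missing)}")
    for op, allowed in new.items():
        if not _is_subset(allowed, old.get(op, ANY)):
            raise LimitError(f"{op}: cannot widen")
    return dict(new)


def narrow_or_none(fn, old: dict, new: dict):
    """Return the narrowed limit, or None if fn rejects it."""
    try:
        return fn(old, new)
    except LimitError:
        return None


def demo() -> dict:
    # Constructed limits: connect only to one host, never listen.
    old = {"connect": {"10.0.0.5:443"}, "listen": set()}
    omit_listen = {"connect": {"10.0.0.5:443"}}                      # drops the listen restriction
    widen = {"connect": {"10.0.0.5:443", "203.0.113.9:22"}, "listen": set()}
    tighter = {"connect": set(), "listen": set()}
    leaked = vulnerable_narrow(old, omit_listen)
    return {
        "vuln_listen_any": is_allowed(leaked, "listen", "0.0.0.0:8080"),
        "hard_omit_rejected": narrow_or_none(hardened_narrow, old, omit_listen) is None,
        "widen_rejected_both": (narrow_or_none(vulnerable_narrow, old, widen) is None
                                and narrow_or_none(hardened_narrow, old, widen) is None),
        "tighter_accepted": narrow_or_none(hardened_narrow, old, tighter) == tighter,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both versions refuse an explicit widening; the difference is only in how absence is read. When "unset" and "unrestricted" share a representation, a narrowing API has to treat a missing key as an error, or else carry the old value forward, but never default it to the permissive case.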
CNNVD
added 2026/05/13 12:00 a.m., 11 views

Palo Alto Networks Prisma Access Agent security vulnerability

Palo Alto Networks Prisma Access Agent is a zero trust network access client developed by Palo Alto Networks. The agent contains a security vulnerability stemming from its permission management mechanism, which allows...

CVSS 8.5, AI score 6.1, EPSS 0.00144
Exploits: 0, References: 1
CNNVD
added 2026/05/11 12:00 a.m., 9 views

Dell ECS security vulnerability

Dell ECS is an enterprise object storage solution from Dell. Dell ECS versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.3.0.0, contain a security vulnerability stemming from improper management of operating system...

CVSS 6.7, AI score 5.8, EPSS 0.00104
Exploits: 0, References: 1