
8 matches found

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-56842

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed...

7.5 CVSS | 5.7 AI score | 0.0019 EPSS
Exploits 0 | References 2
Cvelist
added 2 days ago, 32 views

CVE-2026-56842

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed...

7.5 CVSS | 0.0019 EPSS
Exploits 0 | References 1
NVD
added 2026/05/27 6:16 p.m., 14 views

CVE-2026-46424

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2 CVSS | 0.00163 EPSS
Exploits 0 | References 2
EUVD
added 2026/05/27 5:5 p.m., 12 views

EUVD-2026-32597

Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint POST /api/public/v1/roles/unassign updates user documents in CouchDB but does not invalidate the corresponding Redis user cache entries. Because the authentication middleware resolves user...

4.2 CVSS | 5.7 AI score | 0.00163 EPSS
Exploits 0 | References 2
NVD
added 2026/04/20 9:16 p.m., 10 views

CVE-2026-33031

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an...

8.6 CVSS | 0.00274 EPSS
Exploits 1 | References 1
Github Security Blog
added 2026/04/14 11:38 p.m., 12 views

pyLoad has Stale Session Privilege After Role/Permission Change (Privilege Revocation Bypass)

Summary: pyLoad caches role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database. As a result, an already logged-in user can keep old revoked privileges until logout/session...

8.8 CVSS | 6.9 AI score | 0.00655 EPSS
Exploits 2 | References 4 | Affected Software 1
Hacker One
added 2025/04/27 1:35 p.m., 1031 views

Dust: Privilege Persistence via Cloned Agent

The vulnerability allowed a member to clone an agent managed by the admin by modifying the agent's unique identifier sid. This resulted in the admin being unable to effectively disable the agent, as the cloned version could still be used by the member even after the original agent was disabled...

6.8 AI score
Exploits 0
Tenable Nessus
added 2016/04/15 12:0 a.m., 21 views

IBM DB2 9.8 < Fix Pack 5 Multiple Vulnerabilities

Binary data 9196.prm...

4.3 CVSS | 6.8 AI score | 0.02062 EPSS
Exploits 0 | References 6