
4515 matches found

CNNVD
added 2026/03/26 12:00 a.m., 8 views

Frigate security vulnerability

Frigate is a complete native NVR developed by Blake Blackshear, designed specifically for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by an authorization chain issue, which may allow low-privilege users to access...

CVSS 6.5 | AI score 5.8 | EPSS 0.00305
Exploits: 1 | References: 1

CNNVD
added 2026/03/26 12:00 a.m., 11 views

Grafana MSSQL Data Source Plugin security vulnerability

The Grafana MSSQL Data Source Plugin is an open-source plugin from Grafana that allows for connecting to Microsoft SQL Server. There is a security vulnerability in the Grafana MSSQL data source plugin. This vulnerability stems from a logical flaw that allows low-privilege users to bypass API...

CVSS 6.5 | AI score 5.8 | EPSS 0.00434
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/25 11:53 p.m., 4 views

CVE-2026-34056

OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3 allows low-privilege users to view and download Ensora eRx error logs without proper authorization checks...

CVSS 7.7 | AI score 5.8 | EPSS 0.00271
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2026/03/24 12:00 a.m., 8 views

WordPress plugin WPGraphQL security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

CVSS 4.3 | AI score 5.8 | EPSS 0.00177
Exploits: 0 | References: 2

CNNVD
added 2026/03/12 12:00 a.m., 5 views

Veeam Backup And Replication security vulnerability

Veeam Backup and Replication is a backup and replication software developed by the American company Veeam. Veeam Backup and Replication has a security vulnerability that stems from allowing low-privilege users to extract stored SSH credentials...

CVSS 7.7 | AI score 7.3 | EPSS 0.00401
Exploits: 0 | References: 1

EUVD
added 2026/03/11 6:30 p.m., 5 views

EUVD-2026-11229

In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that contains the high-privilege capability editcmd could execute arbitrary shell commands using the...

CVSS 7.2 | AI score 6 | EPSS 0.00462
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/11 7:08 a.m., 5 views

CVE-2026-30921

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

CVSS 9.9 | AI score 6 | EPSS 0.00445
Exploits: 1 | References: 1

EUVD
added 2026/03/11 6:00 a.m., 4 views

EUVD-2026-11094

The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

AI score 5.8 | EPSS 0.00145
Exploits: 0 | References: 1

CNNVD
added 2026/03/11 12:00 a.m., 7 views

OliveTin security vulnerability

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin 3000.10.2 and earlier have security vulnerabilities. These vulnerabilities stem from improper access control, which may allow low-privilege users to receive outputs from unauthorized operations, potentially...

CVSS 7.1 | AI score 7.3 | EPSS 0.00431
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/11 12:00 a.m., 3 views

PT-2026-24536

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/11 12:00 a.m., 5 views

PT-2026-24854

🚨 CVE-2026-32131 ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token e.g., project.read, project.grant.read, or project.app.read to...

CVSS 7.7 | AI score 5.7 | EPSS 0.00393
Exploits: 0 | References: 8

Snyk
added 2026/03/09 6:18 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the /api/block/appendHeadingChildren endpoint. An attacker can alter notebook content and compromise data integrity by sending crafted requests to this endpoint using a low-privilege authenticated account...

CVSS 7.1 | AI score 5.8 | EPSS 0.00311
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/06 1:34 a.m., 7 views

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

CVSS 8.1 | AI score 6 | EPSS 0.00261
Exploits: 0 | References: 1

CNNVD
added 2026/03/06 12:00 a.m., 6 views

OliveTin security vulnerability

OliveTin is an open-source web application developed by OliveTin. Versions of OliveTin prior to 3.00.11.1 contained security vulnerabilities. These vulnerabilities were caused by authentication context confusion in the RestartAction, which could allow low-privilege verified users to perform...

CVSS 5.3 | AI score 7.3 | EPSS 0.00414
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/05 1:40 p.m., 6 views

CVE-2026-3103

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

CVSS 5.4 | AI score 5.9 | EPSS 0.00173
Exploits: 0 | References: 1

CNNVD
added 2026/03/04 12:00 a.m., 6 views

Checkmk security vulnerability

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Checkmk has a security vulnerability, which stems from a logical error in the removepassword function. This vulnerability could potentially lead to data loss for users with low privileges...

CVSS 5.4 | AI score 5.8 | EPSS 0.00173
Exploits: 0 | References: 2

EUVD
added 2026/02/27 9:30 a.m., 10 views

EUVD-2025-208131

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

CVSS 5 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 8

OSV
added 2026/02/27 8:17 a.m., 2 views

UBUNTU-CVE-2025-9572

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

CVSS 6.5 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 2

Cvelist
added 2026/02/27 7:28 a.m., 30 views

CVE-2025-9572 Foreman: satellite: graphql api permission bypass leads to information disclosure

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

CVSS 5 | EPSS 0.00348
Exploits: 0 | References: 7

OSV
added 2026/02/27 2:17 a.m., 5 views

GO-2026-4560 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet...

CVSS 6.5 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 3