Lucene search
K

2024 matches found

Snyk
Snyk
added 2026/03/26 10:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:32 p.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/26 10:32 p.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the provisioning contact points API. An attacker can modify protected webhook URLs without possessing the required permissions by sending crafted requests as a user with the Editor role. Remediation Upgrade...

5.4CVSS5.9AI score0.00238EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/26 9:31 p.m.8 views

EUVD-2026-16338

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/26 9:31 p.m.10 views

Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. A patched version is available at...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/26 9:17 p.m.4 views

CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS0.00238EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/26 9:17 p.m.5 views

CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:6 p.m.3 views

CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:6 p.m.7 views

CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/26 8:6 p.m.45 views

CVE-2026-21724

Grafana OSS vulnerability CVE-2026-21724: a flaw in the Provisioning Contact Points API allows users with Editor role to bypass authorization and modify protected webhook URLs without the alert.notifications.protected:write permission. Impact is limited to unauthorized changes to protected webhoo...

5.4CVSS5.7AI score0.00238EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/26 8:6 p.m.25 views

CVE-2026-21724 Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32130

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Request to the API with URL-encoded path values were correctly routed bu...

7.5CVSS5.8AI score0.00584EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.24 views

PT-2026-28321

Name of the Vulnerable Software and Affected Versions Grafana OSS affected versions not specified Description An authorization bypass exists in the provisioning contact points API. This allows users with the Editor role to modify protected webhook URLs without the necessary...

6.5CVSS5.9AI score0.00238EPSS
Exploits0References100
Cvelist
Cvelist
added 2026/03/25 4:2 p.m.30 views

CVE-2026-20086

A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

8.6CVSS0.00354EPSS
Exploits0References1
Cisco
Cisco
added 2026/03/25 4:0 p.m.20 views

Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family CAPWAP Denial of Service Vulnerability

A vulnerability in the processing of Control and Provisioning of Wireless Access Points CAPWAP packets of Cisco IOS XE Wireless Controller Software for the Catalyst CW9800 Family could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This...

8.6CVSS5.9AI score0.00354EPSS
Exploits0References1
Grafana
Grafana
added 2026/03/25 12:0 a.m.11 views

Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0
EUVD
EUVD
added 2026/03/17 6:30 p.m.5 views

EUVD-2026-12604

The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...

6.3CVSS5.7AI score0.00332EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.15 views

PT-2026-25915

The GL-iNet Comet GL-RM1 KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the...

6.3CVSS5.7AI score0.00332EPSS
Exploits0References6
NVD
NVD
added 2026/03/11 10:16 p.m.7 views

CVE-2026-32130

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Request to the API with URL-encoded path values were correctly routed bu...

7.5CVSS0.00584EPSS
Exploits0References3
Rows per page
Query Builder