
9 matches found

NVD
added 2026/02/07 10:16 p.m., 13 views

CVE-2026-25565

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

CVSS 7.1, EPSS 0.00277
Exploits: 0, References: 3
Vulnrichment
added 2026/02/07 9:58 p.m., 4 views

CVE-2026-25565 WeKan < 8.19 Read-only Board Roles Can Update Cards

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

CVSS 7.1, AI score 5.4, EPSS 0.00277
Exploits: 0, References: 3
CVE
added 2026/02/07 9:58 p.m., 15 views

CVE-2026-25565

CVE-2026-25565 affects WeKan versions prior to 8.19. Affected component: card update API paths. Root cause: authorization check only validates board read access, not write permission, enabling users with read-only roles to perform card updates that should require write access. Impact: unauthorize...

CVSS 7.1, AI score 5.3, EPSS 0.00277
Exploits: 0, References: 3, Affected Software: 1
RedhatCVE
added 2025/11/26 4:56 p.m., 4 views

CVE-2025-64483

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...

CVSS 5.3, AI score 6.6, EPSS 0.00224
Exploits: 0, References: 1
Vulnrichment
added 2025/11/21 5:55 p.m., 3 views

CVE-2025-64483 Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...

CVSS 5.3, AI score 6.3, EPSS 0.00224
Exploits: 0, References: 2
OSV
added 2025/11/21 5:55 p.m., 5 views

CVE-2025-64483 Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...

CVSS 5.3, AI score 6.6, EPSS 0.00224
Exploits: 0, References: 4
CVE
added 2025/11/21 5:55 p.m., 11 views

CVE-2025-64483

CVE-2025-64483 affects Wazuh (4.9.0–before 4.13.0) via the Wazuh API – Agent Configuration endpoint. In certain configurations, authenticated users with read-only API roles could retrieve agent enrollment credentials through the /utils/configuration endpoint, enabling registration of new agents w...

CVSS 5.3, AI score 6.3, EPSS 0.00224
Exploits: 0, References: 2
EUVD
added 2025/10/31 12:30 a.m., 8 views

EUVD-2013-7288

Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functionality. Users with read-only roles could directly reach Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and allowing unintended access to discove...

CVSS 7.2, AI score 6.3, EPSS 0.00688
Exploits: 0, References: 3
CVE
added 2025/10/30 9:32 p.m., 11 views

CVE-2013-10072

Summary: CVE-2013-10072 affects Nagios XI versions before 2012R1.6, with an authorization flaw in the Auto-Discovery feature. The issue allows users with read-only roles to directly access Auto-Discovery endpoints and pages that should require elevated permissions, exposing discovery results and ...

CVSS 7.2, AI score 6.4, EPSS 0.00688
Exploits: 0, References: 2, Affected Software: 1