Lucene search
+L

55 matches found

Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-60774

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

5.3AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 5 days ago12 views

CVE-2026-44770

SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the...

4.3CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-44771

Technical details about CVE-2026-44771 are not publicly available in the provided documents; monitor for updates as new information may be released.

4.3CVSS6.1AI score0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. MISP has a security vulnerability that...

5.3CVSS5.3AI score0.00176EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 5:23 p.m.12 views

GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions

TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...

5.3CVSS5.6AI score0.00365EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.10 views

SUSE CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS5.9AI score0.00417EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.6 views

CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS5.8AI score0.00417EPSS
Exploits1References1
NVD
NVD
added 2026/03/06 9:16 p.m.11 views

CVE-2026-30233

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS0.00417EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/06 9:5 p.m.2 views

CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS5.8AI score0.00417EPSS
Exploits1References3
CVE
CVE
added 2026/03/06 9:5 p.m.22 views

CVE-2026-30233

Technical details for CVE-2026-30233 are not publicly available in the provided connected documents. Monitor for updates.

6.5CVSS5.8AI score0.00417EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/06 9:5 p.m.22 views

CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards

OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with view: false permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution exec may be...

6.5CVSS0.00417EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.11 views

PT-2026-23617

Name of the Vulnerable Software and Affected Versions OliveTin versions prior to 3000.11.1 Description OliveTin has an authorization issue where authenticated users with insufficient permissions view: false can access metadata related to actions through the dashboard and API endpoints...

9.9CVSS5.9AI score0.22162EPSS
Exploits70References140
OSV
OSV
added 2026/03/03 12:49 p.m.8 views

CVE-2026-3351 Authorization Bypass in LXD GET /1.0/certificates Endpoint

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS7.1AI score0.00141EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.28 views

CVE-2023-25407

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials...

7.2CVSS6.7AI score0.0078EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/30 11:19 p.m.7 views

CVE-2025-54548

On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...

4.3CVSS6.8AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/30 11:19 p.m.8 views

CVE-2025-54546

On affected platforms, restricted users could use SSH port forwarding to access host-internal services...

7.5CVSS6.8AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 12:31 a.m.6 views

EUVD-2025-36725

On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...

4.3CVSS6.3AI score0.00205EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/30 12:31 a.m.5 views

EUVD-2025-36727

On affected platforms, restricted users could use SSH port forwarding to access host-internal services...

7.5CVSS6.3AI score0.00221EPSS
Exploits0References2
NVD
NVD
added 2025/10/29 11:16 p.m.5 views

CVE-2025-54548

On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...

4.3CVSS0.00205EPSS
Exploits0References1
NVD
NVD
added 2025/10/29 11:16 p.m.6 views

CVE-2025-54546

On affected platforms, restricted users could use SSH port forwarding to access host-internal services...

7.5CVSS0.00221EPSS
Exploits0References1
Rows per page
Query Builder