GHSA-39VQ-49QM-R2MC Kirby CMS's content locks disclose IDs and emails of inaccessible users from `users.access/list` permissions
TL;DR This vulnerability affects all Kirby sites that restrict the visibility of users for certain roles via the users.access or users.list permissions. A site is affected if users of a particular role are not allowed to see other users in the Panel, for example because the role's blueprint sets...
SUSE CVE-2026-30233
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with `view: false` permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be...
CVE-2026-30233
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with `view: false` permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be...
CVE-2026-30233
Technical details for CVE-2026-30233 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2026-30233 OliveTin: View permission not being checked when returning dashboards
OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.11.1, an authorization flaw in OliveTin allows authenticated users with `view: false` permission to enumerate action bindings and metadata via dashboard and API endpoints. Although execution (exec) may be...
PT-2026-23617
Name of the Vulnerable Software and Affected Versions: OliveTin versions prior to 3000.11.1. Description: OliveTin has an authorization issue where authenticated users with insufficient permissions (`view: false`) can access metadata related to actions through the dashboard and API endpoints...
CVE-2026-3351
Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...
CVE-2023-25407
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials...
CVE-2025-54548
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)...
CVE-2025-54546
On affected platforms, restricted users could use SSH port forwarding to access host-internal services...
EUVD-2025-36725
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)...
EUVD-2025-36727
On affected platforms, restricted users could use SSH port forwarding to access host-internal services...
CVE-2025-54548
CVE-2025-54548 involves a debug API that could let restricted users view parts of the config DB (including password hashes) in Arista DANZ Monitoring Fabric and related DMF/CCF/CVA/MCD deployments. The advisory and Red/NCSC/NVD entries confirm the affected products and the underlying issue, with ...
CVE-2025-54548 On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)...
CVE-2025-54546 On affected platforms, restricted users could use SSH port forwarding to access host-internal services
On affected platforms, restricted users could use SSH port forwarding to access host-internal services...