Lucene search
K

134 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-14645

Nexus Repository 3 does not validate the destination of the "Webhook: Global" capability's configured URL before making an outbound HTTP request, allowing a user holding the Capability Administration permission to cause the server to send requests to internal network locations Server-Side Request...

5.1CVSS0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 7:40 p.m.36 views

CVE-2026-59093 Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS0.00389EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/02 7:40 p.m.5 views

CVE-2026-59093 Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS6AI score0.00389EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:40 p.m.7 views

EUVD-2026-41424

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:40 p.m.8 views

CVE-2026-59093

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 7:40 p.m.3 views

CVE-2026-59093 Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.7CVSS6AI score0.00389EPSS
Exploits0References7
CVE
CVE
added 2026/07/02 7:40 p.m.20 views

CVE-2026-59093

Weaviate prior to 1.38.0 fails to verify that a principal granting RBAC roles actually has permissions within those roles. The assignRoleToUser and assignRoleToGroup endpoints (POST /authz/users/{id}/assign, /authz/groups/{id}/assign) only check that the caller may assign roles, not the permissio...

8.8CVSS5.8AI score0.00389EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.13 views

PT-2026-55294

Name of the Vulnerable Software and Affected Versions Weaviate versions prior to 1.38.0 Description An issue exists where the system fails to verify if a principal performing a Role-Based Access Control RBAC role assignment possesses the permissions granted by the role being assigned. While role...

8.8CVSS6.1AI score0.00389EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.7 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 1:28 p.m.26 views

CVE-2026-5136

Summary : CVE-2026-5136 affects Foreman. A flaw in the Usergroup model allows an authenticated user with usergroup management permissions to attach arbitrary roles (including administrator) to a user group and then add themselves as a member, enabling full privilege escalation to administrator-le...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/01 1:28 p.m.8 views

CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 1:28 p.m.5 views

CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS6.1AI score0.00297EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/07/01 1:27 p.m.10 views

CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40429

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 4:58 p.m.16 views

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

9CVSS5.8AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 7:46 a.m.14 views

EUVD-2026-30513

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.11 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS5.7AI score0.00325EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/05/01 9:30 a.m.14 views

a10-octavia (>=1.0.0 <=2.2.0), gadgetfinder (>=0.0.1 <=1.0.0) +3 more potentially affected by CVE-2026-43001 via keystone (>=15.0.1 <=29.0.1)

keystone PYPI version =15.0.1, =1.0.0, =0.0.1, =0.1.0, =0.1.0, =1.12.0 Source cves: CVE-2026-43001 Source advisory: SNYK:PYTHON-KEYSTONE-16479530...

8CVSS5.8AI score0.00446EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/04/16 9:44 p.m.13 views

Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association

Summary An improper mass assignment JSON injection vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objects during account creation. This enables client-controlled manipulation of ownership metadata,...

9.8CVSS5.8AI score0.00334EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/06 8:16 p.m.9 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS0.00336EPSS
Exploits1References1
Rows per page
Query Builder