Lucene search
K

656 matches found

Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27116

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant...

7.2CVSS5.9AI score0.00117EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.10 views

Red Hat build of Keycloak 访问控制错误漏洞

Red Hat Build of Keycloak is a single-sign-on web application developed by the American company Red Hat. There is an access control vulnerability in Red Hat Build of Keycloak. This vulnerability stems from improper access control at the endpoints of User-Managed Access resources, which may allow...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.3 views

CVE-2026-2294 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveglobalsettings' function in all versions up to, and including, 3.5.09. This makes it possible for...

4.3CVSS5.9AI score0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.11 views

WordPress plugin UiPress lite | Effortless custom dashboards, admin themes and pages 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.8AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.4 views

PT-2026-26083

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

7.1CVSS5.7AI score0.00109EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25853

Summary The save membership action in modules/profile/profile function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop membership and remove former membership against the CSRF token but omits save membership from th...

5.7CVSS5.9AI score0.00149EPSS
Exploits1References7
Snyk
Snyk
added 2026/03/13 8:54 p.m.4 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the browser.request. An attacker can modify or create browser profiles and persist unauthorized configuration changes by sending crafted requests to profile...

7.1CVSS5.8AI score0.00288EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 12:18 a.m.16 views

CVE-2026-27686

SAP Business Warehouse (Service API) is affected by CVE-2026-27686 due to a Missing Authorization Check. An authenticated attacker could use an affected RFC function module to perform unauthorized configuration and control changes, potentially disrupting request processing and causing denial of s...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/10 12:18 a.m.1 views

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.3 views

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 12:18 a.m.30 views

CVE-2026-27686 Missing Authorization check in SAP Business Warehouse (Service API)

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.13 views

PT-2026-24162

Due to a Missing Authorization Check in SAP Business Warehouse Service API, an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.10 views

SAP Business Warehouse 安全漏洞

SAP Business Warehouse is a key component of the German company SAP, used for executing business processes. It allows users to design, implement, and manage business processes, ensuring compliance with regulations and reducing the need for manual operations through automation. There is a security...

5.9CVSS5.8AI score0.00215EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/07 7:22 a.m.28 views

CVE-2026-1087 The Guardian News Feed <= 1.2 - Cross-Site Request Forgery to Settings Update

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00126EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 10:11 p.m.5 views

CVE-2026-28515 openDCIM <= 23.04 Missing Authorization in install.php

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

9.3CVSS7.1AI score0.01157EPSS
Exploits3References11
RedhatCVE
RedhatCVE
added 2026/02/27 7:44 p.m.8 views

CVE-2026-26078

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, when the patreonwebhooksecret site setting is blank, an attacker can forge valid webhook signatures by computing an HMAC-MD5 with an empty string as the key. Since the request body is known to th...

7.5CVSS6AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.5 views

CVE-2026-1747

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

4.3CVSS5.4AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 9:16 p.m.6 views

UBUNTU-CVE-2026-1747

GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packag...

4.3CVSS5.8AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/25 4:17 p.m.4 views

CVE-2026-27518

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

5.1CVSS5.4AI score0.00102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/24 10:25 p.m.7 views

CVE-2026-27513

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

5.1CVSS5.3AI score0.00102EPSS
Exploits0References1
Rows per page
Query Builder