Lucene search
+L

767 matches found

CVE
CVE
added 2026/03/05 9:59 p.m.23 views

CVE-2026-28448

OpenClaw OpenClaw (Twitch plugin) versions 2026.1.29 through 2026.2.0 are affected. The vulnerability resides in the Twitch plugin’s access-control logic (checkTwitchAccessControl in extensions/twitch/src/access-control.ts): when allowFrom is configured and allowedRoles is unset or empty, the cod...

9.4CVSS5.9AI score0.00444EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/03 6:9 p.m.5 views

GHSA-QJ22-XQJR-V83V OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection

A missing sender-authorization check in Telegram messagereaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw npm - Introduced: 2026.2.17 - Affected: = 2026.2.17 and = 2026.2.24 - Latest published at patch time:...

7.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/02/25 7:33 p.m.4 views

CVE-2025-14103 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions...

4.3CVSS5.5AI score0.0019EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

GitLab CE/EE 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.7.5, 18.8.5, and 18.9.1 containe...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References3
CVE
CVE
added 2026/02/20 12:56 a.m.22 views

CVE-2026-26977

Frappe Learning Management System (LMS)

6.9CVSS5.5AI score0.00289EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/11 4:53 p.m.10 views

GHSA-GWMX-9GCJ-332H Statamic CMS's missing authorization allows access to assets

Impact Users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. Patches This has been fixed in 5.73.6 and 6.2.5...

4.3CVSS5.4AI score0.00285EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

Microcom ZeusWeb 安全漏洞

Microcom ZeusWeb is a remote monitoring platform developed by the Spanish company Microcom. Version 6.1.31 of Microcom ZeusWeb contains a security vulnerability. This vulnerability stems from the exposure of sensitive system information to unauthorized participants, which may lead to fingerprint...

7.5CVSS5.8AI score0.004EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.12 views

PT-2026-7664

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.6 Statamic versions prior to 6.2.5 Description Statamic is a Laravel and Git powered CMS designed for building websites. Users without the necessary permissions to view assets are able to download them and view...

4.3CVSS5.4AI score0.00285EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.7 views

Hrsale 跨站请求伪造漏洞

Hrsale is a human resources management system written in PHP, developed by the Hrsale team. Version 1.1.8 of Hrsale contains a cross-site request forgeing vulnerability. This vulnerability stems from the existence of cross-site request forgery, which may lead to the addition of unauthorized...

5.1CVSS5.7AI score0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/02/03 11:15 a.m.7 views

CVE-2025-67856

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

9.8CVSS0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-6433

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

5.4CVSS5.4AI score0.00272EPSS
Exploits0References7
OSV
OSV
added 2026/01/30 5:3 p.m.3 views

CLEANSTART-2026-KA40024 PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access

Multiple security vulnerabilities affect the postgresql package. PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. See references for individual vulnerability details...

9.8CVSS5.8AI score0.89914EPSS
Exploits12References19
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.10 views

IX-Ray Engine security vulnerabilities

IX-Ray Engine is a modern game engine open-source by the IX-Ray Team. Versions of IX-Ray Engine prior to 1.3 contained security vulnerabilities, which were caused by exposing sensitive information to unauthorized participants...

7.5CVSS5.8AI score0.00189EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.9 views

CVE-2022-23240

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors...

6.5CVSS6.8AI score0.00414EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.15 views

CVE-2019-18367

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions...

5.3CVSS6.9AI score0.0072EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.8 views

CVE-2019-11545

An issue was discovered in GitLab Community Edition 11.9.x before 11.9.10 and 11.10.x before 11.10.2. It allows Information Disclosure. When an issue is moved to a private project, the private project namespace is leaked to unauthorized users with access to the original issue...

4.3CVSS6.3AI score0.01044EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:50 a.m.10 views

CVE-2020-10618

LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive information exposure by unauthorized users...

5.5CVSS6.3AI score0.00832EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.8 views

CVE-1999-0603

In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc...

10CVSS7AI score0.01904EPSS
Exploits0References1
NVD
NVD
added 2026/01/06 4:15 p.m.8 views

CVE-2020-36918

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...

5.1CVSS0.00142EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/01/06 3:52 p.m.32 views

CVE-2020-36918 iDS6 DSSPro Digital Signage System 6.2 Cross-Site Request Forgery via User Management

iDS6 DSSPro Digital Signage System 6.2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can craft malicious web pages to trick logged-in administrators into adding unauthorized users by exploiting the...

5.1CVSS0.00142EPSS
Exploits1References7
Rows per page
Query Builder