Lucene search
K

410 matches found

Snyk
Snyk
added 2026/03/30 5:49 p.m.2 views

Incorrect Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Incorrect Authorization the category retrieval logic in objects/categories.json.php and objects/category.php. An attacker can enumerate non-private categories and...

6.9CVSS5.8AI score0.00319EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 6:11 p.m.5 views

CVE-2026-34364

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the categories.json.php endpoint, which serves the category listing API, fails to enforce user group-based access controls on categories. In the default request path no ?user= parameter, user group filtering is...

5.3CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of user group access control on the categories.json.php endpoint and type confusion,...

5.3CVSS5.8AI score0.00319EPSS
Exploits1References3
OSV
OSV
added 2026/03/23 4:28 p.m.7 views

CVE-2026-33501 AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user...

5.3CVSS5.8AI score0.0043EPSS
Exploits1References5
CVE
CVE
added 2026/03/23 4:28 p.m.12 views

CVE-2026-33501

Summary (CVE-2026-33501 in WWBN AVideo) : Versions up to 26.0 expose an unauthenticated information disclosure via the Permissions plugin. The endpoint plugin/Permissions/View/Users_groups_permissions/list.json.php returns the full users_groups_permissions table without any authentication/authori...

5.3CVSS5.7AI score0.0043EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/20 8:57 p.m.7 views

AVideo has Unauthenticated Information Disclosure of User Group Permission Mappings via Permissions Plugin

Summary The endpoint plugin/Permissions/View/Usersgroupspermissions/list.json.php lacks any authentication or authorization check, allowing unauthenticated users to retrieve the complete permission matrix mapping user groups to plugins. All sibling endpoints in the same directory add.json.php,...

5.3CVSS5.9AI score0.0043EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

Mura 安全漏洞

Mura is a content management system developed by Mura Corporation. Versions of Mura 10.1.10 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the lack of CSRF token validation in the user management’s group addition feature, which could lead to privilege escalatio...

8CVSS5.8AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25589

A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Affected is the function cgi create...

6.5CVSS5.5AI score0.04088EPSS
Exploits1References15
Snyk
Snyk
added 2026/03/11 2:56 p.m.6 views

Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of user group names on the user permissions page. An attacker can execute arbitrary JavaScript code in the context of another user's browser...

4.8CVSS5.9AI score0.00148EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.8 views

PT-2026-24487

Name of the Vulnerable Software and Affected Versions Umbraco versions 15.3.1 through 16.5.0 Umbraco version 17.2.2 Description Umbraco CMS contains a privilege escalation issue. Authenticated backoffice users with user management permissions may be able to gain elevated privileges due to...

7.2CVSS5.7AI score0.00257EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.7 views

Umbraco 安全漏洞

Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 15.3.1 to 16.5.1 and before, as well as versions prior to 17.2.2, have security vulnerabilities. These vulnerabilities stem from insufficient authorization when modifying...

7.2CVSS5.8AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.6 views

CVE-2026-27012

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS5.9AI score0.00537EPSS
Exploits1References1
NVD
NVD
added 2026/03/03 10:16 p.m.22 views

CVE-2026-27012

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS0.00537EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/03 9:53 p.m.21 views

CVE-2026-27012 Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling...

9.8CVSS0.00537EPSS
Exploits1References1
CVE
CVE
added 2026/03/03 9:53 p.m.122 views

CVE-2026-27012

OpenSTAManager CVE-2026-27012 affects 2.9.8 and earlier, enabling unauthenticated privilege escalation via modules/utenti/actions.php. An attacker can call the PHP endpoint to arbitrarily change a user’s group (idgruppo), promoting a normal account (e.g., agent) to Amministratori or demoting admi...

9.8CVSS6AI score0.00537EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.9 views

PT-2026-22837

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is a management software for technical assistance and invoicing. A privilege escalation and authentication bypass exists in versions 2.9.8 and earlier, allowing an attacker t...

9.8CVSS5.9AI score0.00537EPSS
Exploits1References6
NVD
NVD
added 2026/02/11 9:16 p.m.12 views

CVE-2025-64487

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

7.6CVSS0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/11 8:25 p.m.26 views

CVE-2025-64487 Outline is vulnerable to privilege escalation vulnerability in document sharing

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. This vulnerability is fixed in...

7.6CVSS0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

Outline 安全漏洞

Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.1.0 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent authorization checks between user and group member management endpoints, which could lead to privilege escalation...

7.6CVSS5.8AI score0.00197EPSS
Exploits0References2
NVD
NVD
added 2026/02/05 9:15 a.m.8 views

CVE-2025-13416

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized user suspension due to a missing capability check on the pmdeactivateuserfromgroup function in all versions up to, and including, 5.9.7.2. This makes it possible for authenticated attackers,...

4.3CVSS0.00282EPSS
Exploits0References4
Rows per page
Query Builder