Lucene search
+L

168 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45227

Authorization bypass through User-Controlled key vulnerability in Vimesoft Inc. Enterprise Video Platform allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Enterprise Video Platform: from 3.11.0.0 before 3.25.0...

9.4CVSS5.3AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-11763 IDOR in GIS Informatics' GisLab Laboratory Management System

Authorization bypass through User-Controlled key vulnerability in Gis Informatics Engineering Consulting Laboratory R&D and Software Services Inc. GisLab Laboratory Management System allows Exploitation of Trusted Identifiers. This issue affects GisLab Laboratory Management System: from 1.4.03...

6.5CVSS0.00263EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-61971

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/07/10 5:2 p.m.15 views

CVE-2026-2398

MobilMen 20T (Adam Retail Automation Ltd) is affected by CVE-2026-2398 due to an Authorization bypass via a User-Controlled key, enabling Privilege Escalation. Affected versions are MobilMen 20T v3 through 10072026. CVSS 3.1 base score 8.8 (Network, Low attack complexity, Privileges Required: Low...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 6:45 a.m.15 views

CVE-2026-5730

CVE-2026-5730 affects Idvlabs Ontime through version 04052026. The issue is an authorization bypass (IDOR) caused by a user-controlled key, enabling exploitation of trusted identifiers with no user interaction. CVSS 3.1 base score 7.5 (HIGH) with network attack vector, low attack complexity, no p...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 6:45 a.m.7 views

EUVD-2026-42014

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:27 p.m.7 views

EUVD-2026-39394

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:27 p.m.24 views

CVE-2026-2815

The CVE affects Silicon Labs’ EFR32xG27 devices. Issue: Incorrect use of the PUF key for user key generation leads to predictable keys. This is tied to a CVSS 4.0 base score of 8.4 (HIGH) with adjacent access, low attack complexity, no authentication, and user interaction not required. The vulner...

8.4CVSS5.8AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 1:27 p.m.4 views

CVE-2026-2815 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys...

8.4CVSS5.9AI score0.00159EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/21 3:15 a.m.7 views

CVE-2026-12773 BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 3:15 a.m.12 views

EUVD-2026-38139

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5
NVD
NVD
added 2026/06/21 2:16 a.m.18 views

CVE-2026-12771

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

7.5CVSS0.00288EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.19 views

PT-2026-51197

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.59.9 Description An improper authentication flaw exists in the MCP Proxy component. Specifically, the UserAPIKeyAuth function within the file litellm/proxy/ experimental/mcp server/auth/user api key auth...

9.8CVSS7.2AI score0.00612EPSS
Exploits1References13
Snyk
Snyk
added 2026/06/19 9:43 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the removeAlarms process. An attacker can permanently delete alarm records belonging to other tenants by supplying arbitrary alarm IDs in a bulk delete request. This can result in...

9.6CVSS5.9AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.21 views

PT-2026-48630

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS7.7AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 6:20 a.m.52 views

CVE-2026-44083

CVE-2026-44083 affects QuMagie. The vulnerability is an authorization bypass via a user-controlled key that could allow remote attackers to gain unintended privileges. Affected product: QuMagie (reported across multiple feeds). Root cause: authorization bypass enabling privilege escalation; explo...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 6:20 a.m.35 views

CVE-2026-44083 QuMagie

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:20 a.m.11 views

EUVD-2026-35354

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 5:55 p.m.39 views

CVE-2026-4868 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authenticated user to cause specific Duo AI workflows to run under another user's identity due to imprope...

8.2CVSS0.00341EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 11:16 a.m.19 views

CVE-2026-42736

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS0.00246EPSS
Exploits0References1
Rows per page
Query Builder