Lucene search
K

1817 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57694

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.13...

6.5CVSS0.00335EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43300

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS6.1AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday23 views

CVE-2026-61971 WordPress User Profile Picture plugin <= 2.6.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture metronet-profile-picture allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Profile Picture: from n/a through = 2.6.3...

2.7CVSS0.00314EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-57694

CVE-2026-57694 affects the WordPress Tutor LMS plugin up to version 3.9.13, describing an insecure direct object reference (IDOR) vulnerability that enables an authorization bypass via a user-controlled key. The root cause is misconfigured access controls that allow access to restricted resources...

6.5CVSS6.1AI score0.00335EPSS
Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-14165

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-14165

Technical details are not publicly available in the provided documents. Monitor for updates on affected versions, root cause, and remediation.

7.5CVSS6.1AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday27 views

CVE-2026-14165 Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5

An Authorization Bypass Through User-Controlled Key vulnerability affecting Tuleap Enterprise Edition from 17.0 through 17.5 could allow an attacker to access data of other users without authorization...

7.5CVSS0.00246EPSS
Exploits0References1
Snyk
Snyk
added 4 days ago2 views

Authorization Bypass Through User-Controlled Key

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the assetid field in the API update process. An attacker can gain unauthorized access to assets outside their company...

7.7CVSS6.1AI score0.00218EPSS
Exploits0References2
NVD
NVD
added 4 days ago8 views

CVE-2026-6212

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-6212 IDOR in Teracity's TeraMIS

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS0.00251EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42988

Authorization bypass through User-Controlled key vulnerability in Teracity Software Technologies Inc. TeraMIS allows Privilege Abuse. This issue affects TeraMIS: from V03.26.01.14 through 30.04.2026...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-6212

CVE-2026-6212 affects Teracity Software Technologies Inc. TeraMIS (versions V03.26.01.14 through 30.04.2026). The issue is an Authorization bypass via a User-Controlled key, enabling Privilege Abuse. Root cause: improper handling of user-controlled keys allows bypassing access controls. CVSSv3.1 ...

8.8CVSS6.1AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-2398

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42959

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-2398 IDOR in AdamPOS' MobilMen 20T

Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation. This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS0.0025EPSS
Exploits0References1
NVD
NVD
added 5 days ago10 views

CVE-2026-1989

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS0.00407EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-1989

Technical details of CVE-2026-1989 are not publicly available in the provided documents; monitor for updates.

7.5CVSS5.9AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42553

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-1989

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/07 12:40 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GET /api/v2/dagSources/dagid endpoint, which returns the entire source file containing multiple DAGs without redacting those the user is not authorized to access. An attacker can...

7.1CVSS6AI score0.00601EPSS
Exploits0References2
Rows per page
Query Builder