Lucene search
+L

168 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42736

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...

7.5CVSS5.8AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 11:16 p.m.20 views

CVE-2026-35430

Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...

8.8CVSS0.00426EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/21 2:0 p.m.15 views

Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability

Authorization bypass through user-controlled key in Azure Privileged Identity Management PIM allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.00426EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.18 views

PT-2026-42842

Name of the Vulnerable Software and Affected Versions Azure Privileged Identity Management PIM affected versions not specified Description An authorization bypass exists due to a user-controlled key, which allows an authorized attacker to elevate privileges over a network. Recommendations At the...

9CVSS5.8AI score0.00426EPSS
Exploits0References7
CVE
CVE
added 2026/05/14 5:36 a.m.33 views

CVE-2026-1338

GitLab CVE-2026-1338 affects GitLab CE/EE versions prior to 18.9.7 (from 17.10), 18.10 prior to 18.10.6, and 18.11 prior to 18.11.3. The issue stems from improper authorization checks that could allow an authenticated user with developer-role permissions to delete protected container registry tag...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/04/28 7:36 p.m.14 views

PYSEC-2026-100

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information...

9.8CVSS5.8AI score0.00573EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/28 7:36 p.m.11 views

CVE-2026-24178

NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information...

9.8CVSS0.00573EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.5 views

PT-2026-35753

Name of the Vulnerable Software and Affected Versions NVFlare Dashboard versions prior to 2.5.0 Description A flaw in the user management and authentication system allows an unauthenticated attacker to bypass authorization using a user-controlled key. This can result in privilege escalation to fu...

9.8CVSS6AI score0.00573EPSS
Exploits0References9
CVE
CVE
added 2026/04/27 10:44 p.m.13 views

CVE-2026-28747

CVE-2026-28747 : A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras that allows authorization to be bypassed. Affected product is Milesight AIOT cameras; root cause is weak key generation in firmware. Impact is high on confidentiality, integrity, an...

7.3CVSS5.2AI score0.00177EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 10:21 a.m.38 views

CVE-2026-40737 WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

5.3CVSS0.00212EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20177

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through = 3.6.11...

5.9AI score0.00204EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 5:3 p.m.4 views

CVE-2026-2414

Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2...

8.6CVSS5.9AI score0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 8:5 a.m.24 views

CVE-2025-32223 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through = 3.9.4...

6.5CVSS0.00291EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/13 3:47 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through improper authorization in the subagents control. An attacker can gain unauthorized access to sibling session controls by issuing...

9.3CVSS5.8AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/03/04 8:6 p.m.4 views

GHSA-V6PG-V89R-W8WR Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Summary Vaultwarden v1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a users account can exploit this bypass to perform protected actions such as accessing the user's API key or deleting the user's vault and...

6CVSS5.9AI score0.0026EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/21 7:29 p.m.7 views

CVE-2026-22383

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary WordPress Theme: from n/a...

7.5CVSS5.5AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.11 views

PT-2026-21088

Name of the Vulnerable Software and Affected Versions Cozmoslabs Paid Member Subscriptions versions n/a through 2.16.8 Description An authorization bypass exists due to incorrectly configured access control security levels in Cozmoslabs Paid Member Subscriptions. The issue allows exploitation...

5.4AI score0.00348EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.22 views

WordPress plugin MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

Siemens Industrial Edge Devices Authorization Bypass Through User-Controlled Key (CVE-2025-40805)

Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has learned the identity of a...

10CVSS5.5AI score0.00601EPSS
Exploits0References11
Snyk
Snyk
added 2026/02/06 11:7 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the orderscontroller parameter. An attacker can access sensitive personal information of guest users, such as names, addresses, and phone numbers, by supplying a valid order ID for a...

8.7CVSS5.6AI score0.00441EPSS
Exploits1References2
Rows per page
Query Builder