Lucene search
K

1796 matches found

NVD
NVD
added yesterday9 views

CVE-2026-1989

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS0.00407EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42553

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-1989

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-1989

Technical details of CVE-2026-1989 are not publicly available in the provided documents; monitor for updates.

7.5CVSS5.9AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 3 days ago10 views

CVE-2026-5799

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 3 days ago9 views

CVE-2026-5730

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-5799 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42015

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-5799

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 3 days ago13 views

CVE-2026-5799

CVE-2026-5799 is an IDOR in Idvlabs’ Ontime affecting versions up to 04052026, caused by a user-controlled key that enables an authorization bypass. The vulnerability allows exploitation of trusted identifiers and is rated CVSSv3.1 = 7.5 (HIGH) with network attack vector, low attack complexity, n...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-5730 IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-5730

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 3 days ago3 views

Langflow Authorization Bypass Through User-Controlled Key Vulnerability

Langflow contains an authorization bypass through user-controlled key vulnerability which allows an authenticated attacker to execute any flow belonging to another user by specifying the victim's flow ID in the request...

8.4CVSS6AI score0.00467EPSS
In wildExploits2
Snyk
Snyk
added 4 days ago3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the users.getUser method in the JSON-RPC API. An attacker can retrieve sensitive credential information, such as password hashes, TOTP secrets, and session tokens, by supplying...

8.6CVSS6.1AI score0.0025EPSS
Exploits0References2
Snyk
Snyk
added 5 days ago7 views

Authorization Bypass Through User-Controlled Key

Overview langgraph is a Building stateful, multi-actor applications with LLMs Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a key collision in the defaultcachekey and freeze functions of langgraph/internal/cache.py, where freeze reduce...

4.2CVSS6AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added last week7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the tracked-time deletion process. An attacker can remove time tracking entries associated with issues they do not have permission to modify by specifying the time entry ID from anothe...

7.1CVSS6AI score0.00286EPSS
Exploits0References2
Snyk
Snyk
added last week7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added last week4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the LFS object reuse process. An attacker can gain unauthorized access to private source objects by leveraging repository access without having the required Code-unit permissions...

7.1CVSS7.2AI score0.00323EPSS
Exploits0References2
Rows per page
Query Builder