
13 matches found

RedhatCVE
added 2026/05/12 2:21 p.m., 13 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits 0, References 1

EUVD
added 2026/04/17 6:31 p.m., 4 views

EUVD-2025-209469

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits 0, References 2

NVD
added 2026/04/15 9:16 a.m., 6 views

CVE-2025-40897

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1 CVSS, 0.00325 EPSS
Exploits 0, References 2

CVE
added 2026/04/15 8:18 a.m., 19 views

CVE-2025-40897

The CVE-2025-40897 entry concerns Guardian/CMC Threat Intelligence prior to version 26.0.0, where an access control flaw allows users with view-only privileges to perform administrative actions, potentially altering rules configuration and affecting availability. The vulnerability stems from impr...

8.1 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits 0, References 2

Cvelist
added 2026/04/15 8:18 a.m., 29 views

CVE-2025-40897 Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1 CVSS, 0.00325 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/04/15 12:0 a.m., 6 views

PT-2026-33014

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...

8.1 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits 0, References 1

NOZOMI
added 2026/04/15 12:0 a.m., 8 views

Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

Summary: An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. Impact: An authenticated user with view-only privileges for the Threat Intelligence functionality ca...

8.1 CVSS, 5.8 AI score, 0.00325 EPSS
Exploits 0, Affected Software 2

OSV
added 2026/03/03 8:40 a.m., 2 views

BIT-ELK-2026-26934 Improper Validation of Specified Quantity in Input in Kibana Leading to Denial of Service

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5 CVSS, 5.9 AI score, 0.00275 EPSS
Exploits 0, References 2

OSV
added 2026/02/26 6:23 p.m., 3 views

CVE-2026-26934

Improper Validation of Specified Quantity in Input CWE-1284 in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation CAPEC-153. An attacker can send a specially crafted, malformed payload causing excessive resource consumptio...

6.5 CVSS, 5.8 AI score
Exploits 0, References 1

CVE
added 2026/02/26 5:3 p.m., 21 views

CVE-2026-26934

CVE-2026-26934 involves Kibana and an improper validation of input quantity (CWE-1284) that allows an authenticated user with view-only privileges to cause a Denial of Service by sending malformed payloads, leading to excessive resource consumption and Kibana unresponsiveness or crashes. The vuln...

6.5 CVSS, 5.5 AI score, 0.00275 EPSS
Exploits 0, References 1, Affected Software 1

RedhatCVE
added 2026/01/09 9:7 a.m., 9 views

CVE-2020-7300

Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...

6.3 CVSS, 6.8 AI score, 0.00595 EPSS
Exploits 0, References 1

OSV
added 2021/08/31 5:15 p.m., 4 views

CVE-2021-22944

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later...

8 CVSS, 7.2 AI score
Exploits 0, References 1

OSV
added 2020/08/12 10:15 p.m., 4 views

CVE-2020-7300

Improper Authorization vulnerability in McAfee Data Loss Prevention DLP ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages...

6.3 CVSS, 6.6 AI score, 0.00595 EPSS
Exploits 0, References 1