Lucene search
K

65 matches found

CVE
CVE
added 2026/06/30 11:48 a.m.14 views

CVE-2026-14209

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.

4.3CVSS5.7AI score0.00173EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS0.00422EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/30 2:12 a.m.12 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 6:16 p.m.21 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS0.00177EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 5:1 p.m.31 views

CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS0.00177EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:1 p.m.8 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/05/28 5:1 p.m.20 views

CVE-2026-44794

Summary of CVE-2026-44794 Nautobot’s REST API, prior to versions 2.4.33 and 3.1.2, failed to enforce user permissions when validating inter-object references made via GenericForeignKey during create/update of objects containing such references. This could allow a user to reference an object they ...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.63 views

PT-2026-42553

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description The submit password method in 'concrete/controllers/single page/download file.php' allows unauthorized file access because the process for downloading permission-restricted files bypasses the...

6.3CVSS5.8AI score0.00224EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 12:31 a.m.17 views

EUVD-2026-30991

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:28 p.m.8 views

CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 10:28 p.m.19 views

CVE-2026-8491

CVE-2026-8491 involves an improper check in the Drupal Node View Permissions module that permits forceful browsing. Affected are Node View Permissions 0.0.0–1.6.x and 2.0.0–2.0.0, where cancelled users’ content reassigned to anonymous users could be exposed. Remediation: upgrade to 1.7.0 (for 0.0...

3.7CVSS5.8AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/19 10:28 p.m.41 views

CVE-2026-8491 Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 10:28 p.m.8 views

CVE-2026-8491 Node View Permissions - Moderately critical - Access bypass - SA-CONTRIB-2026-034

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

5.8AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

Drupal Node View Permissions 代码问题漏洞

Drupal Node View Permissions is a Drupal content access control module developed by the Drupal company. There is a code vulnerability in Drupal Node View Permissions, which stems from improper checks for exceptional or special cases, potentially leading to forced browsing. The following versions...

3.7CVSS5.9AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 8:32 a.m.10 views

CVE-2026-6343 Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get.. Mattermost Advisory ID: MMSA-2026-00591...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 8:32 a.m.29 views

CVE-2026-6343

Mattermost Playbooks plugin vulnerability CVE-2026-6343 affects Mattermost versions 11.5.x up to 11.5.1, 11.4.x up to 11.4.3, and 10.11.x up to 10.11.13. The issue is that public/private permissions are not checked, allowing members without required permissions to access public playbooks via endp...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/13 5:16 p.m.10 views

DRUPAL-CONTRIB-2026-034

Node view permissions module enables permissions "View own content" and "View any content" for each content type on permissions page The module doesn't sufficiently handle the case where a user is cancelled and their content is reassigned to the anonymous user. This vulnerability is mitigated by...

3.7CVSS5.8AI score0.00214EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/13 3:30 p.m.7 views

Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Impact In the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables, when creating or updating an object containing a GenericForeignKey, Nautobot's REST API fail...

5.4CVSS5.7AI score0.00177EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40717

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 2.4.33 Nautobot versions prior to 3.1.2 Description Nautobot is a Network Source of Truth and Network Automation Platform. The REST API fails to enforce user view permissions when creating or updating objects that us...

5.4CVSS5.8AI score0.00177EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.11 views

PT-2026-40836

Name of the Vulnerable Software and Affected Versions Node View Permissions versions 0.0.0 through 1.6.x Node View Permissions versions 2.0.0 through 2.0.0 Description An improper check for unusual or exceptional conditions in the Node View Permissions module allows forceful browsing. The module...

3.7CVSS5.8AI score0.00214EPSS
Exploits0References6
Rows per page
Query Builder