4 matches found

EUVD
added 7 hours ago, 5 views

EUVD-2026-40951

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...

7.1 CVSS, 5.8 AI score
Exploits 0, References 2

RedhatCVE
added 2026/06/05 7:38 p.m., 8 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7 CVSS, 5.5 AI score, 0.00255 EPSS
Exploits 0, References 1

Github Security Blog
added 2026/05/06 3:33 a.m., 12 views

Velocidex Velociraptor has an authorization bypass vulnerability

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7 CVSS, 5.8 AI score, 0.00255 EPSS
Exploits 0, References 3, Affected Software 1

CVE
added 2026/03/25 4:14 p.m., 10 views

CVE-2026-25345

CVE-2026-25345 affects the WordPress SimpLy Gallery plugin (simply-gallery-block) up to version 3.3.2. The issue is an improper validation of a specified quantity in input, allowing access to functionality not properly constrained by ACLs. This can lead to arbitrary code execution (as reported in...

9.9 CVSS, 5.8 AI score, 0.00447 EPSS
Exploits 0, References 1