Lucene search
+L

163 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/24 2:13 a.m.6 views

CVE-2026-33318

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS5.8AI score0.00472EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/24 2:13 a.m.9 views

EUVD-2026-25380

Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowin...

8.8CVSS5.5AI score0.00472EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34822

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.4.0 Description Authenticated users, including those with the BASIC role, can escalate their privileges to ADMIN on servers that migrated from password authentication to OpenID Connect. This is possible through an...

8.8CVSS5.4AI score0.00472EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-40349

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS5.7AI score0.0053EPSS
Exploits1References1
NVD
NVD
added 2026/04/18 12:16 a.m.4 views

CVE-2026-40349

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS0.0053EPSS
Exploits1References4
OSV
OSV
added 2026/04/18 12:5 a.m.3 views

CVE-2026-40349 Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS5.9AI score0.0053EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/18 12:5 a.m.7 views

EUVD-2026-23619

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS5.8AI score0.0053EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.16 views

PT-2026-33541

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending isAdmin=true to PUT /settings/users/userId for their own user ID. The endpoint is intended to let a user ed...

8.8CVSS5.8AI score0.0053EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/16 8:42 p.m.6 views

EUVD-2026-23104

ApostropheCMS: Stored XSS via CSS Custom Property Injection in @apostrophecms/color-field Escaping Style Tag Context...

5.4CVSS5.8AI score0.0021EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.3 views

CVE-2026-35032

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References1
OSV
OSV
added 2026/04/14 10:25 p.m.2 views

CVE-2026-35032 Jellyfin: Potential SSRF + Arbitrary file read via LiveTV M3U tuner

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.9AI score0.00312EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/04/14 10:18 p.m.4 views

CVE-2026-35031

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint POST /Videos/itemId/Subtitles, where the Format field is not validated, allowing path traversal via the file extension and enabling arbitrary file write. Th...

9.9CVSS6.5AI score0.00753EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32957

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint POST /LiveTv/TunerHosts, where the tuner URL is not validated, allowing local file read via non-HTTP paths and Server-Side Request Forgery SSRF via HTTP...

8.6CVSS5.8AI score0.00312EPSS
Exploits1References4
Snyk
Snyk
added 2026/04/10 7:49 p.m.5 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the PUT /user route. An attacker can gain full administrative privileges by using a read-only access token to change the administrator's password, then logging in to obtain an unrestricted session token that...

8.8CVSS5.8AI score
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

CouchCMS 安全漏洞

CouchCMS is an open-source content management system CMS designed for designers. CouchCMS has a security vulnerability that stems from improper authorization verification. This vulnerability could allow authenticated administrator users to create super-administrator accounts by manipulating...

8.6CVSS5.8AI score0.00427EPSS
Exploits1References3
CVE
CVE
added 2026/04/09 7:0 p.m.12 views

CVE-2026-35063

CVE-2026-35063 concerns OpenPLC_V3 REST API: an endpoint checks for JWT but does not verify the caller’s role. This allows any authenticated user with role=user to delete other users (including admins) by specifying a user_id, or to create new accounts with role=admin, effectively escalating to f...

8.8CVSS5.9AI score0.0024EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/09 7:0 p.m.25 views

CVE-2026-35063 Missing Authorization in OpenPLC_V3

OpenPLCV3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access...

8.7CVSS0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/04/03 3:5 a.m.4 views

GHSA-G374-MGGX-P6XC OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode

Summary Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode Current Maintainer Triage - Normalized severity: high - Assessment: v2026.3.28 still misses trusted-proxy scope clearing for non-Control-UI clients, so self-declared operator scopes can survive on a...

8.6CVSS5.9AI score0.0034EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/01 11:42 p.m.8 views

Cross-site Scripting (XSS)

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Cross-site Scripting XSS in the isSafe function of the SVG sanitizer process. An attacker can execute arbitrary JavaScript in the context of an...

5.4CVSS6AI score0.00176EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:24 a.m.4 views

SUSE CVE-2026-33680

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the LinkSharing.ReadAll method allows link share authenticated users to list all link shares for a project, including their secret hashes. While LinkSharing.CanRead correctly blocks link share users from readi...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References3
Rows per page
Query Builder