Lucene search
K

578 matches found

CVE
CVE
added 2026/02/21 5:11 a.m.21 views

CVE-2026-27198

CVE-2026-27198 refers to Formwork (CMS) where versions 2.0.0–2.3.3 fail to enforce proper authorization during account creation. The issue allows an authenticated editor to create new accounts with administrative privileges by issuing roles without validating the caller’s privilege to assign such...

8.8CVSS5.6AI score0.00415EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/19 8:31 p.m.8 views

Formwork Improperly Managed Privileges in User creation

Summary The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...

8.8CVSS5.4AI score0.00415EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2026-0912 Toret Manager <= 1.2.7 - Authenticated (Subscriber+) Arbitrary Options Update via AJAX actions

The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trmansaveoption' function and on the 'trmansaveoptionitems' in all versions up to, and including, 1.2.7. This makes it possible...

8.8CVSS5.7AI score0.00292EPSS
Exploits0References4
OSV
OSV
added 2026/02/18 10:30 p.m.5 views

GHSA-6XMX-XR9P-58P7 LibreNMS has a Stored XSS in Alert Rule

Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...

4.3CVSS5.5AI score0.00238EPSS
Exploits1References6
NVD
NVD
added 2026/02/18 6:24 p.m.7 views

CVE-2026-20141

In Splunk Enterprise versions below 10.0.2, 10.0.3, 9.4.8, and 9.3.9, a low-privileged user who does not hold the "admin" Splunk role could access the Splunk Monitoring Console App endpoints due to an improper access control. This could lead to a sensitive information disclosure.The Monitoring...

6.5CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/02/18 6:42 a.m.19 views

CVE-2026-1937

CVE-2026-1937 affects the YayMail – WooCommerce Email Customizer WordPress plugin up to version 4.3.2. The root cause is a missing capability check on the yaymail_import_state AJAX action, allowing authenticated attackers with Shop Manager-level access or higher to modify arbitrary WordPress opti...

7.2CVSS5.7AI score0.00411EPSS
Exploits1References4
OSV
OSV
added 2026/02/10 5:16 p.m.7 views

UBUNTU-CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery CSRF vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

8CVSS5.6AI score0.00182EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/02/04 4:17 a.m.409 views

Exploit for CVE-2025-2304

Camaleon CMS 2.9.0 – Authenticated Privilege Escalation Role...

9.4CVSS5.6AI score0.00566EPSS
Exploits16
EUVD
EUVD
added 2026/02/01 12:15 p.m.6 views

EUVD-2021-34761

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system...

8.6CVSS6.1AI score0.00315EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/29 9:33 p.m.4 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.5AI score0.00523EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/29 9:33 p.m.26 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS0.00523EPSS
Exploits1References3
OSV
OSV
added 2026/01/29 9:33 p.m.5 views

CVE-2026-25040 Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role

Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions up to and including 3.26.3, a Creator-level user, who normally has no UI permission to invite users, can manipulate API requests to invite new users with any role, including Admin, Creator, or Ap...

7.1CVSS5.9AI score0.00523EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5360

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.26.4 Description Budibase is a low code platform used for building internal tools, workflows, and admin panels. A Creator-level user, normally lacking UI permissions to invite users, can manipulate API requests to...

7.1CVSS6AI score0.00523EPSS
Exploits1References5
OSV
OSV
added 2026/01/21 3:31 p.m.1 views

GHSA-QR3P-2XJ2-Q7HQ Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS6AI score0.00491EPSS
Exploits0References6
Snyk
Snyk
added 2026/01/21 3:31 p.m.2 views

Missing Authorization

Overview org.apache.solr:solr-core is an open source enterprise search platform built on Apache Lucene Affected versions of this package are vulnerable to Missing Authorization in the Rule Based Authorization Plugin, by which the getPermissionName function can be forced to return null. An attacke...

8.3CVSS5.7AI score0.00491EPSS
Exploits0References2
OSV
OSV
added 2026/01/21 2:16 p.m.2 views

UBUNTU-CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS5.9AI score0.00491EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 1:41 p.m.7 views

EUVD-2026-3666

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS5.6AI score0.00491EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/21 1:41 p.m.4 views

CVE-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

5.6AI score0.00491EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/01/21 1:41 p.m.6 views

CVE-2026-22022

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2CVSS7.6AI score0.00491EPSS
Exploits0
OSV
OSV
added 2026/01/15 8:14 p.m.8 views

GHSA-W54X-R83C-X79Q Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode

Severity: LOW Target: /workspace/pepr/src/lib/assets/rbac.ts Endpoint: Kubernetes RBAC configuration Method: Deployment Response / Rationale Pepr defaults to rbacMode: "admin" because the initial experience is designed to be frictionless for new users. This mode ensures that users can deploy and...

6.3CVSS6.5AI score0.00227EPSS
Exploits0References6
Rows per page
Query Builder