Lucene search
K

7619 matches found

EUVD
EUVD
added 2026/06/12 2:27 a.m.12 views

EUVD-2026-36377

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.7 views

CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.29 views

CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS0.00299EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:27 a.m.32 views

CVE-2026-47366

CVE-2026-47366 describes an improper verification of access permissions in the Administration Control Panel . An authenticated administrator could modify permissions and grant rights beyond their authorized level, resulting in privilege escalation within the administrative interface. The document...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.10 views

CVE-2026-45552

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.beforerequest → @jwtrequired app/routes/install/routes.py:36-39. The individual endpoints installexporter, installwaf, installgeoip,...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.14 views

CVE-2026-9060

The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, allowing high-privileged users such as administrators to perform Stored Cross-Site Scripting attacks...

3.5CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2025-62858

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

6.5CVSS5.8AI score0.00445EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 4:17 a.m.16 views

CVE-2025-62850

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service DoS attack. We have already fixed the vulnerability in the...

7.2CVSS0.00331EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:5 a.m.9 views

EUVD-2025-210101

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

5.1CVSS5.5AI score0.00435EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 4:53 p.m.12 views

EUVD-2026-35138

OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value. Attackers can exploit the middleware's comparison of the supplied...

9.8CVSS5.5AI score0.01509EPSS
Exploits1References2
NVD
NVD
added 2026/06/08 12:16 p.m.13 views

CVE-2026-11510

A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/addleave.php. Performing a manipulation of the argument typeofleave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released...

6.5CVSS0.002EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 11:44 a.m.9 views

CVE-2026-11577

...

5.9AI score0.00329EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.8 views

CVE-2025-41268

Nozomi Networks Labs identified a CWE-23: Relative Path Traversal in the Administration WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to delete arbitrary files on the Host machines...

9.1CVSS5.7AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-41265

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.11 views

CVE-2025-41279

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6AI score0.00882EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34244

Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission granted by the per-project "Administration" role can configure machine translation service URLs pointing to arbitrary internal network addresses. During configuration validation, Weblate...

5CVSS5.5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.13 views

CVE-2026-50224

The web administration panel binds broadly to the public IPv6 address space on port :::8080 without default firewall limits, making internal API endpoints reachable over the WAN...

6.9CVSS5.4AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2586

An authenticated Remote Code Execution RCE vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user...

9.1CVSS6AI score0.00819EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-46824

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9CVSS5.5AI score0.00264EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 7:45 a.m.7 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the getMembers methods that serve the group members endpoint. A...

5.1CVSS5.4AI score0.00348EPSS
Exploits0References2
Rows per page
Query Builder