Lucene search
+L

4 matches found

EUVD
EUVD
added 2026/05/19 9:39 p.m.12 views

EUVD-2026-30993

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.9AI score0.00297EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 7:24 p.m.4 views

CVE-2026-35478 InvenTree has Arbitrary API Token Creation

InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the user field of a POST...

8.3CVSS6AI score0.00303EPSS
Exploits0References3
NVD
NVD
added 2026/02/25 11:16 p.m.7 views

CVE-2026-27495

n8n is an open source workflow automation platform. Prior to versions 2.10.1, 2.9.3, and 1.123.22, an authenticated user with permission to create or modify workflows could exploit a vulnerability in the JavaScript Task Runner sandbox to execute arbitrary code outside the sandbox boundary. On...

9.9CVSS0.00596EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.4 views

SolarWinds Access Rights Manager 代码问题漏洞

SolarWinds Access Rights Manager is a lightweight review management system from SolarWinds, Inc. A code issue vulnerability exists in SolarWinds Access Rights Manager that originates from allowing an authenticated user to abuse the service, which could result in remote code execution...

9CVSS7.8AI score0.03085EPSS
Exploits0References3
Rows per page
Query Builder