Lucene search
+L

1238 matches found

Cvelist
Cvelist
added 2026/04/17 3:36 a.m.34 views

CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing authorization check in the tutorupdatecoursecontentorder function. The function only validates the...

5.3CVSS0.00465EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/15 7:46 p.m.5 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the updateUserPreference process. An attacker can alter restricted financial attributes by sending crafted API requests to modify their own hourlyrat...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:8 a.m.2 views

CVE-2026-34256 Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 12:8 a.m.11 views

EUVD-2026-22166

Due to a missing authorization check in SAP ERP and SAP S/4HANA Private Cloud and On-Premise, an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed...

7.1CVSS5.8AI score0.00221EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 12:6 a.m.11 views

CVE-2026-27672

CVE-2026-27672 affects the Material Master application. The issue is that authenticated users can execute reports without proper authorization checks, leading to disclosure of sensitive information. According to the sources, impact on confidentiality is low; integrity and availability are not aff...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 12:6 a.m.29 views

CVE-2026-27672 Missing Authorization check in Material Master Application

The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low impact on confidentiality and does not affect integrity and availability of the system...

4.3CVSS0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.13 views

PT-2026-32568

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects...

6.5CVSS5.8AI score0.00213EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 7:32 p.m.3 views

GHSA-7M5H-W69J-QGGG SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view AV definition files from the workspace. The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler...

8.1CVSS5.9AI score0.004EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/10 7:32 p.m.9 views

SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`

Summary An authenticated publish-service reader can invoke /api/av/removeUnusedAttributeView and cause persistent deletion of arbitrary attribute view AV definition files from the workspace. The route is protected only by generic CheckAuth, which accepts publish RoleReader requests. The handler...

8.1CVSS5.9AI score0.004EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/08 12:4 a.m.5 views

GHSA-V9W4-GM2X-6RVF File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References4
OSV
OSV
added 2026/04/07 8:24 p.m.2 views

CVE-2026-39401 Privilege Escalation via update_event Job Output in Cronicle

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, jb child processes can include an updateevent key in their JSON output. The server applies this directly to the parent event's stored configuration without any authorization check. A low-privile...

5.3CVSS6AI score0.00178EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/07 6:58 p.m.3 views

CVE-2026-39360 RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration

RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path UploadPartCopy. A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an...

5.3CVSS5.9AI score0.00201EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 2:12 p.m.21 views

CVE-2026-5383 runZero Explorer missing authorization check

An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 4.4 Medium. This issue was fixed in...

4.4CVSS0.00179EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:7 p.m.8 views

GHSA-M577-W9J8-CH7J AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter

Summary AVideo's video processing pipeline accepts an overrideStatus request parameter that allows any uploader to set a video's status to any valid state, including "active" a. This bypasses the admin-controlled moderation and draft workflows. The setStatus method validates the status code again...

4.3CVSS6.1AI score0.00238EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29443

Addressed a potential insecure direct object reference IDOR vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

7.1CVSS5.9AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 11:57 p.m.5 views

GHSA-6XG4-82HV-CP6F OpenClaw: Gateway chat.send ACP-only provenance guard could be bypassed by client identity spoofing

Summary ACP-only provenance fields in chat.send were gated by self-declared client metadata from the WebSocket handshake rather than verified authorization state. Impact A normal authenticated operator client could spoof ACP identity labels and inject reserved provenance fields intended only for...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References3
OSV
OSV
added 2026/03/31 11:50 p.m.20 views

GHSA-V2V2-F783-358J OpenClaw: Zalo channel downloads media before sender authorization

Summary The Zalo image path fetched and stored inbound media before the DM/pairing authorization checks ran. Impact Unauthorized senders could force network fetches and disk writes in the inbound media store even when the message itself was rejected. Affected Component...

9.8CVSS5.9AI score0.00355EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/29 5:49 p.m.2 views

CVE-2026-0562 Insecure Direct Object Reference (IDOR) in parisneo/lollms

A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function in backend/routers/friends.py does not implement proper authorization checks, enabling Insecure Direct...

8.3CVSS5.8AI score0.00268EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.6 views

CVE-2026-33915

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the RestConfig::requestauthorizationcheck call that every other data-modifying route in the standard API uses. This...

5.4CVSS5.8AI score0.00227EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 12:30 a.m.27 views

CVE-2026-33730 Open Source Point of Sale has an IDOR in Password Change (Home)

Open Source Point of Sale opensourcepos is a web based point of sale application written in PHP using CodeIgniter framework. Prior to version 3.4.2, an Insecure Direct Object Reference IDOR vulnerability allows an authenticated low-privileged user to access the password change functionality of...

6.5CVSS0.00277EPSS
Exploits1References2
Rows per page
Query Builder