Lucene search
K

83 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:47 p.m.6 views

CVE-2026-54012

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets a user who can create, update, or import workspace models store arbitrary meta.knowledge entries on their model without checking whether they own or can read the...

7.1CVSS6AI score0.00198EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/23 2:48 p.m.16 views

EUVD-2025-210309

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 2:48 p.m.20 views

CVE-2025-62180

The CVE concerns Pega Platform versions 8.3.0 through Infinity 25.1.2, affected by an authorization weakness that may let authenticated users access additional data via crafted URLs. The vulnerability is described with a high impact on confidentiality (VULNERABLE SYSTEM CONFIDENTIALITY: HIGH) and...

7.1CVSS5.8AI score0.00215EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.11 views

PT-2026-47550

The /api/v1/ route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at internal/api/hosts.go:384: "API trusts the bearer token for authorisation; per-CA ownership is enforced only in the Web layer." The Web UI gates state-changing routes...

9.9CVSS5.6AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 5:9 p.m.11 views

CVE-2026-45717 Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ` permission instead of builder access, allowing any authenticated app user to overwrite datasource connection parameters including host, port, and URL.

Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoutes group with TABLE/READ permission. This is the same authorization level as the read endpoint GET...

8.8CVSS6AI score0.00251EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 6:45 a.m.11 views

CVE-2026-8046

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...

8.1CVSS5.8AI score0.00348EPSS
Exploits0References2Affected Software16
Github Security Blog
Github Security Blog
added 2026/05/14 8:26 p.m.14 views

Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption

Summary Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET /api/tasks and POST /api/tasks/stop/taskid methods. This allows a casual user to disrupt system-wide chat usage by continuously canceling...

7.1CVSS5.9AI score0.0027EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/12 12:0 a.m.13 views

Cisco Prime Infrastructure Information Disclosure (cisco-sa-pi-unauth-infodiscl-LFnLgmey)

The version of Cisco Prime Infrastructure installed on the remote host is prior to Migrate to a fixed release.. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-pi-unauth-infodiscl-LFnLgmey advisory. - A vulnerability in the log file download functionality of Cisco Prim...

4.3CVSS6AI score0.00214EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.8 views

PT-2026-29562

Name of the Vulnerable Software and Affected Versions Cisco Evolved Programmable Network Manager EPNM affected versions not specified Description A flaw exists in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM that could allow an authenticated, remote attack...

9CVSS7.2AI score0.0027EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.10 views

WordPress plugin Gravity Forms 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.6 views

CVE-2026-25963

Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports...

6.5CVSS5.3AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.5 views

CVE-2026-2676

A weakness has been identified in GoogTech sms-ssm up to e8534c766fd13f5f94c01dab475d75f286918a8d. Affected by this issue is the function preHandle of the file LoginInterceptor.java of the component API Interface. Executing a manipulation can lead to improper authorization. The attack may be...

6.5CVSS5.1AI score0.00272EPSS
Exploits0References1
Zero Science Lab
Zero Science Lab
added 2026/02/14 12:0 a.m.128 views

eNet SMART HOME server 2.3.1 (deleteUserAccount) Arbitrary User Deletion

Summary Two German specialists in building systems technology are jointly bringing a new, wireless-based smart home system to the market. Gira and JUNG are the companies behind the eNet SMART HOME brand with our subsidiary, INSTA, responsible for developing the system. All three of us are old han...

8.1CVSS6AI score0.00373EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/02/09 1:33 a.m.5 views

CVE-2026-25561

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

7.5CVSS5.3AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/07 9:56 p.m.28 views

CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

7.1CVSS0.0028EPSS
Exploits0References3
OSV
OSV
added 2026/02/07 9:56 p.m.6 views

CVE-2026-25561 WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass

WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers such as boardId, cardId, swimlaneId, and listId are consistent and refer to a coherent card/board relationship, enabling attempts to upload...

7.1CVSS6AI score0.0028EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

WordPress plugin Comparimager for Elementor has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

5.4CVSS5.8AI score0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/12 2:59 p.m.8 views

EUVD-2026-1935

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the...

8.7CVSS6.5AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

WordPress plugin Conformer for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References1
Rows per page
Query Builder