Lucene search
K

2490 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-50282 Craft CMS: Unauthorized Deletion of Destination Folders During Forced Moves

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-50282

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 and above, prior to 5.9.21 and versions 4.0.0-RC1 and above prior to 4.17.14 contain an authorization issue where a forced folder move can delete a conflicting destination folder without destination delete permission. Function...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago14 views

CVE-2026-50282

Craft CMS contains an authorization issue in AssetsController::actionMoveFolder where calling with force=true to move a folder into a destination with a conflicting name can overwrite and delete the destination folder without destination delete permission. Affected versions are 5.0.0-RC1 and abov...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago4 views

CVE-2026-50283

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago21 views

CVE-2026-50283 Craft CMS: Unauthorized Deletion of Source Assets During File Replacement

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

5.3CVSS0.00265EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

UBUNTU-CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS5.7AI score0.00589EPSS
Exploits0References3
CVE
CVE
added last week15 views

CVE-2026-13591

DeepMyst Mysti 0.4.0 is affected by a vulnerability in the Contact Tracking module: the function _isTrackedConversation in ChannelBridge.ts can be manipulated via the _channelType argument, causing improper authorization. Access may be possible remotely, with attack complexity described as high a...

5CVSS5.3AI score0.00199EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.10 views

PT-2026-53194

Name of the Vulnerable Software and Affected Versions CherryHQ cherry-studio versions prior to 1.9.7 Description Improper authorization exists in the MCP OAuth Local Callback Server component within the src/main/services/mcp/oauth/callback.ts file. A remote attacker can manipulate the code argume...

6.3CVSS6.2AI score0.00264EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5751 Argo has Missing Authorization in its Sync ConfigMap Provider in github.com/argoproj/argo-workflows

Argo has Missing Authorization in its Sync ConfigMap Provider in github.com/argoproj/argo-workflows...

8.5CVSS5.8AI score0.00515EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.12 views

PT-2026-51211

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.6 Description An authorization bypass exists in the Completions Interface. The issue occurs within the async pre call hook function located in the enterprise/enterprise hooks/banned keywords.py file. Remo...

6.5CVSS6.6AI score0.00226EPSS
Exploits1References12
CVE
CVE
added 2026/06/17 8:57 a.m.20 views

CVE-2026-32967

The CVE-2026-32967 issue is an Incorrect Authorization vulnerability in Apache DolphinScheduler's /v2 experimental interface. Affected software: DolphinScheduler before version 3.4.2. Root cause: missing/incorrect permission checks on the /v2 endpoint. Impact: authorization bypass risk for the in...

9.1CVSS5.2AI score0.00337EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 12:12 p.m.5 views

USN-8405-2 cups regression

USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during...

6.3AI score
Exploits0References2
EUVD
EUVD
added 2026/06/12 5:57 p.m.8 views

EUVD-2026-36523

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access...

8.1CVSS5.3AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.8 views

CVE-2025-46308

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.3CVSS0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 6:47 p.m.30 views

CVE-2025-46308

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.7 views

CVE-2025-46308

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.4AI score0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 6:47 p.m.15 views

CVE-2025-46308

CVE-2025-46308: An authorization issue related to state management could allow an app to leak sensitive user information. Affected: iOS prior to 18.4, iPadOS prior to 18.4, and macOS Sequoia prior to 15.4. Fixed in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4. Mitigation: update to the fixed ver...

5.3CVSS5.5AI score0.0023EPSS
Exploits0References2Affected Software3
EUVD
EUVD
added 2026/06/11 6:47 p.m.8 views

EUVD-2025-210110

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information...

5.3CVSS5.4AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 12:16 p.m.5 views

UBUNTU-CVE-2026-6552

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper...

8.7CVSS5.4AI score0.00278EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 10:20 a.m.8 views

CVE-2026-6552 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab account due to improper...

8.7CVSS5.5AI score0.00278EPSS
Exploits0References3
Rows per page
Query Builder