Lucene search
K

2490 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.13 views

CVE-2026-11533

A security vulnerability has been detected in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file /see.php of the component Student Deletion Endpoint. The manipulation of the argument del leads to...

5.5CVSS5.5AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47742

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with access to...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Huawei HarmonyOS 授权问题漏洞

Huawei HarmonyOS is an operating system developed by Huawei Technologies Co., Ltd. It is a full-scenario distributed operating system based on a microkernel architecture. There are vulnerabilities related to authorization in HUAWEI HarmonyOS. These vulnerabilities stem from the permission control...

4.4CVSS5.9AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:6 p.m.9 views

EUVD-2026-35051

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.10 views

BeikeShop 授权问题漏洞

BeikeShop is an open-source PHP e-commerce platform developed by BeikeShop. It supports multiple languages and currencies, as well as quick deployment. Versions of BeikeShop prior to 1.6.0.22 have vulnerabilities related to authorization. These vulnerabilities stem from the function callback in t...

7.5CVSS7.4AI score0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/06 5:30 p.m.8 views

CVE-2026-11440

A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/projectId/default-branch of the component REST API. This manipulation of the argument project.defaultBranch causes improper authorization. It is possible to initiate the attack...

6.5CVSS5.2AI score0.00214EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.14 views

CVE-2026-10876

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 9:43 p.m.16 views

Bugsink: Issue event views can show an event from another project if its UUID is known

Description Bugsink issue event pages accept a direct event identifier from the URL and, in affected versions, look up that event without also requiring it to belong to the issue in the URL. This is a project-boundary authorization issue: a logged-in user with access to one project can view anoth...

3.1CVSS5.3AI score0.00154EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS5.5AI score0.00445EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/03 9:48 a.m.45 views

CVE-2025-14774 Communication analysis between the Card Reader and TP2CardReaderService daemon

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

7.4CVSS0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

SourceCodester Online Boat Reservation System 授权问题漏洞

The SourceCodester Online Boat Reservation System is an open-source online booking system developed by SourceCodester. Version 1.0 of the SourceCodester Online Boat Reservation System has a vulnerability related to authorization issues. This vulnerability stems from unknown functions of the...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References6
OSV
OSV
added 2026/06/01 10:16 p.m.7 views

DEBIAN-CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.5AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 7:30 a.m.9 views

CVE-2026-10236 SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization

A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint. Such manipulation leads to improper authorization. The attack may be launched remotely...

7.5CVSS6.7AI score0.00371EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/01 2:1 a.m.17 views

webkitgtk: A maliciously crafted webpage may be able to fingerprint the user

A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/29 5:22 p.m.13 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the exec approver gate process. An attacker can gain unauthorized approval capabilities by leveraging limited exec approval permissions to bypass intended...

4.3CVSS5.8AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 10:28 a.m.7 views

BIT-NEO4J-2026-1524 Auth misconfiguration when multiple providers enabled

An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions: If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-9807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:17 p.m.10 views

CVE-2026-46823

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Orac...

7.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

pam_usb 授权问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 have a vulnerability related to authorization issues. This vulnerability stems from symbolic link attacks involving the pad directory and pad files,...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WordPress plugin WP Meta and Date Remover 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.0022EPSS
Exploits0References1
Rows per page
Query Builder