
71337 matches found

OSV, added 2026/06/25 6:43 p.m., 3 views

GO-2026-5219 Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana

Grafana OSS: Authorization bypass allows users with Editor role to modify protected webhook URLs without permissions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...

CVSS 5.4, AI score 5.8, EPSS 0.00238
Exploits 0, References 5
OSV, added 2026/06/25 6:26 p.m., 2 views

GO-2026-5081 Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea

Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea...

CVSS 4.3, AI score 5.8, EPSS 0.00023
Exploits 0, References 1
NVD, added 2026/06/25 6:16 p.m., 9 views

CVE-2026-50017

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm can send user-level unscoped npm authentication credentials to a registry chosen by a repository-local .npmrc file. In the reproduced case, the user's npm config contains a default registry and an unscoped authToken. The repository does...

CVSS 6.9, EPSS 0.00254
Exploits 1, References 1
IBM Security Bulletins, added 2026/06/25 6:13 p.m., 9 views

Security Bulletin: IBM Support for Hyperledger Fabric is vulnerable to CVE-2026-33186

Summary: google.golang.org/grpc v1.56.3 used by fabric-operations-console. Vulnerability Details: CVEID: CVE-2026-33186. DESCRIPTION: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path...

CVSS 9.1, AI score 5.9, EPSS 0.01557
Exploits 1, Affected Software 1
OSV, added 2026/06/25 5:41 p.m., 3 views

JLSEC-2026-628 Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's...

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

CVSS 6.3, AI score 5.8, EPSS 0.00282
Exploits 0, References 5
RedHat Linux, added 2026/06/25 5:36 p.m., 5 views

keycloak: Group-Admin Escalation to Realm-Admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

CVSS 7.7, AI score 5.8, EPSS 0.00288
Exploits 0, References 4
RedHat Linux, added 2026/06/25 5:36 p.m., 4 views

keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, AI score 5.7, EPSS 0.00301
Exploits 0, References 4
RedHat Linux, added 2026/06/25 5:36 p.m., 5 views

keycloak: Keycloak: Denial of Service via malformed Authorization header

A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an...

CVSS 5.3, AI score 5.8, EPSS 0.00417
Exploits 0, References 4
NVD, added 2026/06/25 5:17 p.m., 9 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, EPSS 0.00301
Exploits 0, References 7
NVD, added 2026/06/25 5:17 p.m., 29 views

CVE-2026-9099

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

CVSS 7.7, EPSS 0.00288
Exploits 0, References 7
NVD, added 2026/06/25 5:16 p.m., 10 views

CVE-2026-54027

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's toolresources e.g., context, executecode without verifying ownership or EDIT permission on the target...

CVSS 6.5, EPSS 0.00189
Exploits 1, References 1
CVE, added 2026/06/25 4:56 p.m., 14 views

CVE-2026-50017

pnpm is affected prior to versions 10.34.0 and 11.4.0. In these versions, during normal metadata/install workflows, pnpm can bind user-level unscoped npm authentication credentials to a repository‑selected registry (as configured by a repository-local .npmrc) and transmit them in an Authorization...

CVSS 6.9, AI score 5.9, EPSS 0.00254
Exploits 1, References 1, Affected Software 1
ATTACKERKB, added 2026/06/25 4:16 p.m., 6 views

CVE-2026-9099

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

CVSS 7.7, AI score 5.8, EPSS 0.00288
Exploits 0, References 7
CVE, added 2026/06/25 4:16 p.m., 20 views

CVE-2026-9099

Keycloak contains a flaw in GroupResource.addChild() in the Admin REST API where missing authorization allows an authenticated user with limited admin privileges to reparent any group. Under FGAPv2, a manager of a low-privilege group can reparent a highly privileged group (e.g., realm-admin) unde...

CVSS 7.7, AI score 5.8, EPSS 0.00288
Exploits 0, References 7, Affected Software 1
Vulnrichment, added 2026/06/25 4:16 p.m., 11 views

CVE-2026-9800 Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, AI score 5.9, EPSS 0.00301
Exploits 0, References 6
CVE, added 2026/06/25 4:16 p.m., 7 views

CVE-2026-9800

CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...

CVSS 8.1, AI score 5.8, EPSS 0.00301
Exploits 0, References 7, Affected Software 1
Cvelist, added 2026/06/25 4:16 p.m., 33 views

CVE-2026-9800 Keycloak-policy-enforcer: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, EPSS 0.00301
Exploits 0, References 6
ATTACKERKB, added 2026/06/25 4:16 p.m., 5 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, AI score 5.8, EPSS 0.00301
Exploits 0, References 7
EUVD, added 2026/06/25 4:16 p.m., 4 views

EUVD-2026-39471

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, AI score 5.8, EPSS 0.00301
Exploits 0, References 4
RedhatCVE, added 2026/06/25 4:1 p.m., 4 views

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVSS 8.1, AI score 5.7, EPSS 0.00301
Exploits 0, References 3