Lucene search
K

13539 matches found

Nuclei
Nuclei
added yesterday69 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - Broken Access Control

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 suffers from broken access control. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data. id: CVE-2019-2578 info: name: Oracle Fusion...

8.6CVSS7AI score0.72402EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42374

Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revokeaccess and undorevokeaccess actions without seller ownership...

7.1CVSS6.1AI score0.0022EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-56246

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS0.00223EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42249

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS6AI score0.00223EPSS
Exploits0References2
Nuclei
Nuclei
added 4 days ago58 views

Atlassian Confluence - Privilege Escalation

Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. id: CVE-2023-22515 info: name: Atlassian Confluence - Privilege Escalation author:...

10CVSS7.4AI score0.99156EPSS
Exploits39References5
OSV
OSV
added 5 days ago11 views

PYSEC-2026-1802 pretix has Broken Access Control Allowing Cross-User File Access via UUID

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
OSV
OSV
added 5 days ago7 views

PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
NVD
NVD
added 5 days ago11 views

CVE-2026-57868

MicroRealEstate is affected by broken object-level access controls in PDF generator functionality. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 5 days ago10 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS6AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 5 days ago13 views

CVE-2026-57870

CVE-2026-57870 describes a broken object-level access control flaw in MicroRealEstate’s Template API (up to version 1.0.0-alpha3). The underlying issue allows an attacker to retrieve document templates used by other organizations without authorization. Affected software is MicroRealEstate, with t...

5.3CVSS6AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-57870

Broken object-level access control on the Template API in MicroRealEstate allows attackers to retrieve document templates used by other organizations without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

5.3CVSS0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57869

Broken object-level access controls and the use of a deterministic pattern during random ID generation in MicroRealEstate allows attackers to access documents uploaded by landlords or tenants without authorization. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 5 days ago14 views

CVE-2026-57869

CVE-2026-57869 affects MicroRealEstate up to version 1.0.0-alpha3. The vulnerability stems from broken object-level access controls and a deterministic pattern used in random ID generation, enabling attackers to access documents uploaded by landlords or tenants without authorization. The availabl...

7.1CVSS6AI score0.00215EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-34037 Cross-Tenant Resource Cloning via Broken Object-Level Authorization in cloneTo()

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an...

9.9CVSS0.00247EPSS
Exploits0References3
Patchstack
Patchstack
added 6 days ago3 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by anhcd05 in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.1...

5.9AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/07/04 12:5 p.m.34 views

CVE-2026-12196 HestiaCP Admin Takeover

HestiaCP panel cronjob feature is affected by a broken access control vulnerability. Low privilege users can modify the panel cronjob to execute scripts HestiaCP management scripts with passwordless sudo. This could result in the takeover of administrator users in the application and the underlyi...

8.3CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/07/04 12:5 p.m.20 views

CVE-2026-12196

The CVE-2026-12196 entry describes a broken access control vulnerability in the HestiaCP panel cronjob feature. Low-privilege users can modify the panel cronjob to execute management scripts with passwordless sudo, enabling takeover of administrator users in the application and the underlying web...

8.3CVSS6AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59100

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
Rows per page
Query Builder