Lucene search
+L

2382 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 9:43 p.m.15 views

OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

6AI score
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/19 9:43 p.m.12 views

GHSA-H3M5-97JQ-QJRF OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)

Summary OpenRemote Manager is vulnerable to a cross-tenant Insecure Direct Object Reference IDOR in the bulk alarm deletion endpoint. An authenticated user in any realm can delete alarms belonging to other realms tenants by supplying arbitrary alarm IDs. The vulnerability exists because the bulk...

9.6CVSS6AI score0.00258EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 9:42 p.m.11 views

GHSA-4VRG-R928-H5VV SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

3.7CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/18 6:16 a.m.15 views

CVE-2026-9199

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS0.00245EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/18 4:31 a.m.11 views

EUVD-2026-37837

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.3AI score0.00245EPSS
Exploits0References8
CVE
CVE
added 2026/06/18 4:31 a.m.24 views

CVE-2026-9199

The CVE-2026-9199 entry concerns the WordPress plugin Equalize Digital Accessibility Checker (WCAG/ADA/EAA/Section 508) up to version 1.42.1. The root cause is missing authorization verification, allowing authenticated users with author-level access and above to modify accessibility issue records...

4.3CVSS5.4AI score0.00245EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:31 a.m.7 views

CVE-2026-9199

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS5.3AI score0.00245EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/18 4:31 a.m.29 views

CVE-2026-9199 Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.42.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

4.3CVSS0.00245EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:27 p.m.11 views

Malicious code in nottuff23 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d429b099904a530f5dc4dfdd4724b7b6160c1de1330e0b103e8b8e3c737dfd The package is one of approximately 100 identically-named-pattern publishes from an automated bulk-publish operation. The tarball ships...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/16 7:27 p.m.10 views

MAL-2026-5915 Malicious code in nottuff23 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d429b099904a530f5dc4dfdd4724b7b6160c1de1330e0b103e8b8e3c737dfd The package is one of approximately 100 identically-named-pattern publishes from an automated bulk-publish operation. The tarball ships...

6.2AI score
Exploits0References4
Schneier on Security
Schneier on Security
added 2026/06/15 11:1 a.m.21 views

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 7:47 p.m.173 views

Exploit for CVE-2026-20230

CVE-2026-20230 Scanner A Python-based scanner and validation...

8.6CVSS5.9AI score0.41694EPSS
Exploits3
NVD
NVD
added 2026/06/11 6:16 p.m.14 views

CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 4:47 p.m.10 views

CVE-2026-11986 Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 4:47 p.m.27 views

CVE-2026-11986

CVE-2026-11986 involves the Keycloak admin-ui-ext component. The root cause is that certain bulk role-removal endpoints do not perform granular permission checks when deleting role mappings, enabling a delegated administrator with limited permissions to remove highly privileged roles from other u...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 4:47 p.m.10 views

EUVD-2026-36267

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 4:47 p.m.36 views

CVE-2026-11986 Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS0.00201EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 4:47 p.m.11 views

CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.1AI score0.00201EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/11 2:17 p.m.7 views

Direct Request ('Forced Browsing')

Overview Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' due to missing granular authorization checks in the bulk role-mapping-delete endpoints POST /admin/realms/realm/ui-ext/role-mapping-delete/users/id and POST...

6.9CVSS6.1AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.22 views

PT-2026-48695

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrato...

4.9CVSS5.4AI score0.00201EPSS
Exploits0References3
Rows per page
Query Builder