Lucene search
+L

788 matches found

euvd
euvd
added 2026/03/31 12:31 p.m.4 views

EUVD-2026-17382

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS6AI score0.00194EPSS
Exploits0References3
nvd
nvd
added 2026/03/31 12:16 p.m.3 views

CVE-2026-32976

OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute channel commands like /config set channels..accounts...

7.1CVSS0.00194EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/03/26 3:0 p.m.5 views

CVE-2026-33719

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the CDN plugin endpoints plugin/CDN/status.json.php and plugin/CDN/disable.json.php use key-based authentication with an empty string default key. When the CDN plugin is enabled but the key has not been configured...

8.6CVSS5.7AI score0.00356EPSS
Exploits1References1
osv
osv
added 2026/03/20 9:5 a.m.10 views

BIT-CEPH-2020-10736

An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the ceph-mon and ceph-mgr daemons do not properly restrict access, resulting in gaining access to unauthorized resources. This flaw allows an authenticated client to modify the configuration and possibly...

8CVSS5.8AI score0.00646EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/17 9:41 p.m.4 views

CVE-2026-32841

Edimax GS-5008PL firmware versions 1.00.54 and prior contain an authentication bypass vulnerability that allows unauthenticated attackers to access the management interface. Attackers can exploit the global authentication flag mechanism to gain administrative access without credentials after any...

9.2CVSS5.8AI score0.00596EPSS
Exploits0References4
euvd
euvd
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11251

An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex UI and modifying any configuration setting. The attacker must have network access to the Broke...

8.4CVSS5.8AI score0.00171EPSS
Exploits0References2
cve
cve
added 2026/02/17 8:45 p.m.18 views

CVE-2026-23595

CVE-2026-23595 describes an authentication bypass in the application API that allows an attacker to create unauthorized administrative accounts, enabling privileged access and potential data/configuration manipulation. Public entries consolidate this description across NVD/Red Hat/CIRCL/attackerk...

8.8CVSS5.7AI score0.00299EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2026/02/10 10:15 a.m.14 views

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

8.5CVSS0.00238EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/10 9:58 a.m.4 views

CVE-2026-25655

A vulnerability has been identified in SINEC NMS All versions V4.0 SP2. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially leading to arbitrary code execution with administrative...

8.5CVSS6.2AI score0.00238EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/05 4:13 p.m.5 views

CVE-2020-37118

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

5.1CVSS5.2AI score0.0014EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/02/03 10:59 p.m.32 views

CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

9.3CVSS0.00474EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/02/03 9:19 p.m.6 views

CVE-2026-1232

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...

6.8CVSS5.2AI score0.0012EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/02 4:18 p.m.31 views

CVE-2026-1232 Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows

A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions =25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected...

6.8CVSS0.0012EPSS
Exploits0References2
snyk
snyk
added 2026/01/15 5:50 p.m.5 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control via the favorite-output-definitions-table-proxy API endpoint. An attacker can access or modify configurations without proper authorization by sending requests as an authenticated backend user w...

5.4CVSS6.7AI score0.00265EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/01/09 11:26 a.m.9 views

CVE-2021-33214

In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to access files that could lead to sensitive information disclosure, modification of configuration files, or disruption of normal system operation...

6.1CVSS6.5AI score0.00649EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31540

Wowza Streaming Engine through 4.8.5 in a default installation has incorrect file permissions of configuration files in the conf/ directory. A regular local user is able to read and write to all the configuration files, e.g., modify the application server configuration...

7.1CVSS6.6AI score0.00389EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 9:54 a.m.8 views

CVE-2020-10095

Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device...

8.1CVSS6.9AI score0.00167EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:40 a.m.12 views

CVE-2022-35876

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS7.2AI score0.00861EPSS
Exploits1References1
nvd
nvd
added 2026/01/06 4:15 p.m.4 views

CVE-2020-36906

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

5.3CVSS0.00142EPSS
Exploits1References7
redhatcve
redhatcve
added 2026/01/06 4:4 p.m.7 views

CVE-2025-14346

WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, override speed restrictions, and manipulate configuration profiles without any credentials or user...

9.8CVSS7.1AI score0.05494EPSS
Exploits0References1
Rows per page
Query Builder