58 matches found

NVD
added 6 days ago, 7 views

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

CVSS 8.8 | EPSS 0.00479
Exploits: 0 | References: 2

EUVD
added 6 days ago, 6 views

EUVD-2026-39795

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

CVSS 8.8 | AI score 6.2 | EPSS 0.00479
Exploits: 0 | References: 2

Cvelist
added 6 days ago, 31 views

CVE-2026-57518 Pagekit CMS 1.0.18 Privilege Escalation via UserApiController

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

CVSS 8.8 | EPSS 0.00479
Exploits: 0 | References: 2

ATTACKERKB
added 6 days ago, 7 views

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

CVSS 8.8 | AI score 6.2 | EPSS 0.00479
Exploits: 0 | References: 3

CVE
added 6 days ago, 9 views

CVE-2026-57518

Pagekit CMS 1.0.18 contains a privilege escalation flaw in UserApiController::saveAction(). Authenticated users with the 'user: manage users' permission can assign arbitrary custom roles to themselves, including roles with 'system: manage packages' permission, enabling them to upload and install ...

CVSS 8.8 | AI score 6.2 | EPSS 0.00479
Exploits: 0 | References: 2

NVD
added 2026/06/25 5:16 a.m., 14 views

CVE-2026-0934

GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with custom role permissions to view, create, or delete protected environment configuratio...

CVSS 3.8 | EPSS 0.00201
Exploits: 0 | References: 3

CVE
added 2026/06/25 4:35 a.m., 89 views

CVE-2026-0934

GitLab Enterprise Edition (GitLab EE) has remediated a privilege‑escalation issue affecting all releases prior to fixed patches: 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An authenticated user with custom role permissions could view, create, or delete protected environment ...

CVSS 3.8 | AI score 5.9 | EPSS 0.00201
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/06/25 12:0 a.m., 7 views

GitLab 17.9 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-0934)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

CVSS 3.8 | AI score 5.9 | EPSS 0.00201
Exploits: 0 | References: 5

CVE
added 2026/06/15 8:18 p.m., 16 views

CVE-2026-42661

Affected software: WordPress WP Customer Area plugin

CVSS 8.8 | AI score 5.2 | EPSS 0.00371
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:45 p.m., 8 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7 | AI score 5.5 | EPSS 0.00348
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:29 p.m., 9 views

CVE-2026-20238

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles. The app contains an authorize.conf configuration file with a srchFilter entry that...

CVSS 6.5 | AI score 5.5 | EPSS 0.0032
Exploits: 0 | References: 1

NVD
added 2026/05/20 6:16 p.m., 17 views

CVE-2026-20238

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles. The app contains an authorize.conf configuration file with a srchFilter entry that...

CVSS 6.5 | EPSS 0.0032
Exploits: 0 | References: 1

Cvelist
added 2026/05/20 4:32 p.m., 44 views

CVE-2026-20238 Improper Access Control through Role Inheritance in Splunk AI Toolkit app

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles. The app contains an authorize.conf configuration file with a srchFilter entry that...

CVSS 6.5 | EPSS 0.0032
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/20 12:0 a.m., 12 views

PT-2026-42211

In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data that was restricted through srchFilter configurations on custom roles. The app contains an authorize.conf configuration file with a srchFilter entry that...

CVSS 6.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 4

CVE
added 2026/04/15 6:22 p.m., 12 views

CVE-2026-6383

KubeVirt RBAC evaluation logic flaw truncates subresource names, causing incorrect permission checks. Authenticated users with specific custom roles may gain unauthorized access to subresources and sensitive information, while legitimate users can be denied access. The issue is described across C...

CVSS 5.4 | AI score 5.7 | EPSS 0.0015
Exploits: 0 | References: 2

OSV
added 2026/04/13 6:10 a.m., 3 views

BIT-GITLAB-2026-4916 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/13 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-4916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have...

CVSS 2.7 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 2

UbuntuCve
added 2026/04/08 11:17 p.m., 5 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 4

OSV
added 2026/04/08 11:17 p.m., 6 views

UBUNTU-CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7 | AI score 5.8 | EPSS 0.00348
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/08 10:25 p.m., 5 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

CVSS 2.7 | AI score 5.9 | EPSS 0.00348
Exploits: 0 | References: 4 | Affected Software: 1