Lucene search
K

13 matches found

CVE
CVE
added 2026/07/07 9:8 p.m.56 views

CVE-2026-28378

The CVE-2026-28378 entry describes a vulnerability in Grafana where the public dashboard deletion endpoint does not enforce organization isolation. An Org Admin in one organization can delete public dashboards belonging to another organization by supplying the target dashboard identifiers. Impact...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 6:0 a.m.23 views

CVE-2026-10750

CVE-2026-10750 concerns the Royal MCP WordPress plugin prior to 1.4.26. The issue arises because the plugin does not perform capability checks on most MCP tools after token authentication, enabling authenticated, low-privilege users (e.g., Subscriber) to read private content, enumerate users and ...

8.1CVSS5.8AI score0.00267EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.12 views

CVE-2026-6566

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.4AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/20 5:31 a.m.13 views

CVE-2026-6566 Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42112

The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 4.2.0. This is due to insufficient object-level authorization in the image deletion REST flow where the permission callback for...

4.3CVSS5.7AI score0.00264EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 7:13 p.m.18 views

EUVD-2026-30606

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, any authenticated user can permanently delete files owned by other users via DELETE /api/v1/files/id when the target file is referenced in any shared chat. The hasaccesstofile...

8CVSS5.8AI score0.0027EPSS
Exploits1References1
NVD
NVD
added 2026/04/30 10:16 p.m.9 views

CVE-2026-6542

IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flowid to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow...

8.1CVSS0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/04/02 7:8 p.m.2 views

CVE-2026-34832 Scoold: Cross-Account Feedback Deletion (IDOR)

Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback deletion that allows any logged-in, low-privilege user to delete another user's feedback post by submitting its ID to POST /feedback/id/delete. The...

6.5CVSS5.9AI score0.00303EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/13 6:56 p.m.9 views

Gokapi vulnerable to Privilege Escalation in File Replace

Summary An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. Impact Any authenticated user...

4.1CVSS5.8AI score0.00179EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/11 8:2 p.m.5 views

CVE-2025-12756

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate user permissions when deleting comments in Boards, which allows an authenticated user with the editor role to delete comments created by other users...

4.3CVSS6.7AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/03 7:41 p.m.4 views

EUVD-2025-201129

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...

7.1CVSS6.2AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2025/12/03 7:41 p.m.5 views

CVE-2025-65097 Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections

RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...

7.1CVSS6.6AI score0.00181EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/12 10:11 p.m.13 views

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...

7.2CVSS0.0042EPSS
Exploits1References2
Rows per page
Query Builder