
13 matches found

EUVD
added 3 days ago | 6 views

EUVD-2026-38563

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the caller as an owner of the organization named in the request path, but resolved and mutated the targe...

CVSS 7.7 | AI score 6.3 | EPSS 0.00186
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/16 12:0 a.m. | 11 views

PT-2026-50181

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.185.0 Description Organization role update and delete endpoints authorized the caller as an owner of the organization in the request path but mutated the target role using only its identifier without verifying the...

CVSS 7.7 | AI score 5.8 | EPSS 0.00186
Exploits: 0 | References: 5
NVD
added 2026/02/07 8:15 a.m. | 5 views

CVE-2026-2077

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role...

CVSS 8.8 | EPSS 0.00262
Exploits: 1 | References: 6
OSV
added 2026/02/07 8:15 a.m. | 2 views

CVE-2026-2077

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role...

CVSS 8.8 | AI score 5.3 | EPSS 0.00262
Exploits: 1 | References: 6
Cvelist
added 2026/02/07 7:32 a.m. | 33 views

CVE-2026-2077 yeqifu warehouse Role Management RoleController.java deleteRole improper authorization

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role...

CVSS 6.5 | EPSS 0.00262
Exploits: 1 | References: 6
EUVD
added 2026/02/07 7:32 a.m. | 6 views

EUVD-2026-5746

A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role...

CVSS 6.5 | AI score 5 | EPSS 0.00262
Exploits: 1 | References: 6
CVE
added 2026/02/07 7:32 a.m. | 13 views

CVE-2026-2077

The CVE CVE-2026-2077 affects yeqifu warehouse, specifically the Role Management Handler’s RoleController.java addRole, updateRole, and deleteRole functions. Reported improper authorization is caused by manipulation of these functions, with the attack described as eliminable remotely and publicly...

CVSS 8.8 | AI score 6.1 | EPSS 0.00262
Exploits: 1 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/02/07 12:0 a.m. | 6 views

PT-2026-6883

Name of the Vulnerable Software and Affected Versions yeqifu warehouse affected versions not specified Description A security issue exists in yeqifu warehouse related to improper authorization. The issue is present in the addRole, updateRole, and deleteRole functions within the RoleController.jav...

CVSS 6.5 | AI score 5.3 | EPSS 0.00262
Exploits: 1 | References: 8
CNNVD
added 2022/11/27 12:0 a.m. | 4 views

OpenDaylight SQL injection vulnerability

OpenDaylight ODL is an open source SDN controller from OpenDaylight Open Source. A security vulnerability exists in versions of OpenDaylight ODL prior to 0.16.5, which originates in its aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java component in the /auth/ v1/role...

CVSS 7.5 | AI score 7.1 | EPSS 0.00599
Exploits: 1 | References: 3
0day.today
added 2022/09/21 12:0 a.m. | 376 views

ProcessMaker Privilege Escalation Exploit

Exploit Title: ProcessMaker - User Profile Privilege Escalation Description: ProcessMaker before v3.5.4 was discovered to contain insecure permissions in the user profile page. This vulnerability allows attackers to escalate normal users to Administrators. Exploit Author: Sornram Kampeera...

CVSS 8.8 | AI score 0.5 | EPSS 0.01618
Exploits: 4
OSV
added 2022/01/03 1:15 p.m. | 3 views

CVE-2021-25000

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcjdeleterole parameter before outputting back in the admin dashboard when the General module is enabled, leading to a Reflected Cross-Site Scripting issue...

CVSS 6.1 | AI score 5.8 | EPSS 0.00757
Exploits: 2 | References: 1
CNNVD
added 2022/01/03 12:0 a.m. | 4 views

WordPress plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Booster for WooCommerce. The vulnerability stems from the program not filterin...

CVSS 6.1 | AI score 5.3 | EPSS 0.00757
Exploits: 2 | References: 2
Prion
added 2017/11/27 7:29 p.m. | 13 views

Improper access control

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have...

CVSS 4 | AI score 5.1 | EPSS 0.00917
Exploits: 1 | References: 2 | Affected Software: 1