Lucene search
K

11 matches found

Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-20296 SPL Command Safeguards Bypass through Cross-Site Request Forgery (CSRF) in Deployment Server in Splunk Enterprise

In Splunk Enterprise versions below 10.4.1, 10.2.5, 10.0.8, and 9.4.13, and Splunk Cloud Platform versions below 10.5.2605.0, 10.4.2604.7, 10.3.2512.16, 10.2.2510.18, and 10.1.2507.24, an attacker could trick a user that holds a role with the listdeploymentserver capability into running arbitrary...

8.3CVSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

pgAdmin < 9.16 HTML Injection (CVE-2026-12047)

The version of pgAdmin installed on the remote host is prior to 9.16. It is, therefore, affected by an HTML injection vulnerability: - Cloud deployment endpoints forward SDK exception text directly into JSON fields without HTML-encoding. The Cloud Wizard frontend renders these responses through...

5.4CVSS6AI score0.00137EPSS
Exploits0References3
CVE
CVE
added 2026/05/29 4:40 p.m.27 views

CVE-2026-43917

CVE-2026-43917 (Dokploy) describes an IDOR due to a missing organization scoping check in the protectedProcedure middleware prior to 0.19.0. The middleware only validates authentication, not that the resource’s organization matches the session’s activeOrganizationId, enabling cross-organization a...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 4:40 p.m.11 views

EUVD-2026-33361

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44929

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2023/11/28 5:15 p.m.26 views

CVE-2023-41264

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...

9.8CVSS0.01045EPSS
Exploits1References2
OSV
OSV
added 2023/11/28 5:15 p.m.7 views

CVE-2023-41264

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...

9.8CVSS5.8AI score0.01045EPSS
Exploits1References2
Prion
Prion
added 2023/11/28 5:15 p.m.11 views

Authentication flaw

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...

7.5CVSS7.5AI score0.01045EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/28 12:0 a.m.11 views

CVE-2023-41264

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret...

9.7AI score0.01045EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/11/28 12:0 a.m.4 views

PT-2023-27877 · Netwrix · Netwrix Usercube

Name of the Vulnerable Software and Affected Versions: Netwrix Usercube versions prior to 6.0.215 Description: The issue allows authentication bypass on deployment endpoints, leading to privilege escalation in certain misconfigured on-premises installations. This occurs when the configuration omi...

9.8CVSS7.4AI score0.01045EPSS
Exploits1References4
CVE
CVE
added 2023/11/28 12:0 a.m.51 views

CVE-2023-41264

Netwrix Usercube prior to 6.0.215 exposes an authentication bypass on misconfigured on‑prem deployments, enabling privilege escalation via the deployment endpoints POST /api/Deployment/ExportConfiguration and POST /api/Deployment when restSettings.AuthorizedClientId and restSettings.AuthorizedSec...

9.8CVSS9.5AI score0.01045EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder