271 matches found
CVE-2026-53902
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrar...
EUVD-2026-40948
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrar...
CVE-2026-53902
The CVE-2026-53902 issue affects MCO’s web API, specifically the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. The root cause is improper authorization checks, enabling an authenticated user to modify their group membership and perform privilege escalation by adding the...
PT-2026-54828
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement in the '/customer/servlet/mco/webapi/profile-sections/group-membership' endpoint allows an authenticated user to modify their group membership. By providing a valid group...
CVE-2026-47148 Groups GetGroupMembership count/list-length mismatch in EmberZNet v9.0.2
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
CVE-2026-47148
CVE-2026-47148 affects EmberZNet v9.0.2 and earlier. Malformed GetGroupMembership commands can trigger reads past the end of the message payload, potentially terminating the process. The impact is observed on devices that have already joined the network and that support the Groups cluster; no inf...
EUVD-2026-39403
In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...
Vulnerabilities managed in GitLab Enterprise Edition
GitLab has identified several vulnerabilities in the GitLab Community Edition and Enterprise Edition versions, ranging from 12.0 to 19.0.2, including important releases such as 17.x, 18.10.8, 18.11.5, and 19.0.2. These vulnerabilities affect various components of GitLab CE & EE. Authorized users...
CVE-2026-4609
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2026-10549
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...
CVE-2026-10549
CVE-2026-10549 describes an LDAP filter injection in Yandex Database leading to bypass of group membership checks and unauthorized access for an attacker with valid LDAP credentials. Affected product: Yandex Database before version 25.3.1.25. Root cause: LDAP filter injection in the authenticatio...
CVE-2026-10549 Privilege escalation in Yandex Database
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...
CVE-2026-10549
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...
EUVD-2026-33900
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...
Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
Summary The IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core do not enforce the required SystemPrivilege.ControlAccess check. As a result, any authenticated user even those with low or no privileges can enumerate all user accounts in the system, including their...
Astra Linux – Vulnerability in Samba
A flaw was discovered in Samba. The Samba smbd file server must map Windows group identities SIDs to Unix group IDs gids. The code responsible for this mapping contained a flaw that could allow it to read data beyond the end of the array, in the event that a negative cache entry was added to the...
CLSA-2026-1778859875 samba: Fix of CVE-2025-0620
Fix CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session...
CVE-2026-44304
Lemur manages TLS certificate creation. Prior to 1.9.0, Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to...
CVE-2026-43912
Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groupsusers.usersorganizationsuuid entry belongs to the same organization as groups.groupsuuid, or a collectionsgroups.collectionsuuid entry belongs to the same organization as...
PT-2026-38300
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description The LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter...