
7 matches found

Cvelist
added 2026/04/17 9:1 p.m., 20 views

CVE-2026-40196 HomeBox has Unauthorized API Access via Retained defaultGroup ID After Group Access Revocation

HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group, even after their access to that group was revoked. While the web interface correctly enforced the...

CVSS 8.1, EPSS 0.00247
Exploits 0, References 2

CVE
added 2026/04/17 9:1 p.m., 17 views

CVE-2026-40196

HomeBox (home inventory system) versions prior to 0.25.0 are affected by an access control flaw where a user’s defaultGroup ID remains assigned after being invited to a group, and revocation via the web interface does not apply to the API. The root cause is that the original group ID persists as ...

CVSS 8.1, AI score 5.7, EPSS 0.00247
Exploits 0, References 2, Affected Software 1

RedhatCVE
added 2025/02/06 2:36 a.m., 12 views

CVE-2025-23208

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3, AI score 7, EPSS 0.00394
Exploits 1, References 1

SUSE CVE
added 2025/01/30 3:47 a.m., 1 views

SUSE CVE-2025-23208

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3, AI score 6.7, EPSS 0.00394
Exploits 1, References 3

Vulnrichment
added 2025/01/17 10:24 p.m., 21 views

CVE-2025-23208 IdP group membership revocation ignored in zot

zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. SetUserGroups is called on login, but instead of replacing the group memberships, they are appended...

CVSS 7.3, AI score 7.1, EPSS 0.00394
Exploits 1, References 3

CVE
added 2025/01/17 10:24 p.m., 333 views

CVE-2025-23208

The CVE-2025-23208 issue affects Zot, an OCI image registry. Root cause: SetUserGroups on login appends new groups instead of replacing existing memberships, stored in boltdb (meta.db), so group revocations/removals from IdPs are ignored. Impact: any configuration using group-based authorization ...

CVSS 7.3, AI score 7.1, EPSS 0.00394
Exploits 1, References 3, Affected Software 1

OSV
added 2025/01/17 10:2 p.m., 7 views

GHSA-C9P4-XWR9-RFHX Zot IdP group membership revocation ignored

Summary: The group data stored for users in the boltdb database meta.db is an append-list so group revocations/removals are ignored in the API. Details: SetUserGroups is called on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the grou...

CVSS 7.3, AI score 7.1, EPSS 0.00394
Exploits 1, References 5