Lucene search
+L

61707 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-45195

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS5.4AI score
Exploits0References2
NVD
NVD
added 8 hours ago13 views

CVE-2026-22104

Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance...

7.1CVSS
Exploits0References3
EUVD
EUVD
added 9 hours ago3 views

EUVD-2026-45155

Improper access control in Hashtopolis server web-interface chunk activity component for versions prior to 0.14.8 allows any created account to read all cracked hashes of a Hashtopolis server instance...

7.1CVSS5.3AI score
Exploits0References3
CVE
CVE
added 9 hours ago10 views

CVE-2026-22104

Hashtopolis server web-interface chunk activity component has an improper access control vulnerability in versions prior to 0.14.8, allowing any created account to read all cracked hashes for a Hashtopolis server instance. Root cause: insufficient access restrictions on the chunk activity UI/back...

7.1CVSS5.3AI score
Exploits0References3
NVD
NVD
added 13 hours ago7 views

CVE-2026-41993

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS
Exploits0References1
Nuclei
Nuclei
added 14 hours ago159 views

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3CVSS5.7AI score0.81875EPSS
Exploits4References4
Nuclei
Nuclei
added 14 hours ago76 views

Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control

Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38817 info: name: Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control author: For3stCo1d...

7.5CVSS7.4AI score0.03026EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago49 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS8AI score0.02995EPSS
Exploits1References5
Nuclei
Nuclei
added 14 hours ago113 views

WordPress WPQA <5.5 - Improper Access Control

WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site. id: CVE-2022-1598 info: name: WordPress WPQA 5.5 - Improper Access Control...

5.3CVSS5.8AI score0.05076EPSS
Exploits2References5
Nuclei
Nuclei
added 14 hours ago58 views

WAVLINK WN530HG4 - Improper Access Control

WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. It contains a hardcoded encryption/decryption key for its configuration files at /etcro/lighttpd/www/cgi-bin/ExportAllSettings.sh. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.8CVSS8.5AI score0.02415EPSS
Exploits1References4
EUVD
EUVD
added 14 hours ago8 views

EUVD-2026-45138

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS6.1AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 18 hours ago4 views

PT-2026-60790

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-44974

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-6511

During an internal security assessment, a potential improper access control vulnerability was discovered in Lenovo Smart Connect for Windows that could allow a local authenticated user to access files owned by a different user on the same system...

6.8CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-6511

CVE-2026-6511 : Lenovo Smart Connect for Windows is reported to have an improper access control vulnerability that could allow a local authenticated user to access files owned by another user on the same system. The issue is described as local, with low attack complexity and the attack requires l...

6.8CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday17 views

VMware vRealize Log Insight - Improper Access Control to RCE

The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution. id: CVE-2022-31704 info: name: VMware vRealize Log Insight - Improper Acces...

9.8CVSS7.3AI score0.81011EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday15 views

vCenter Server - Improper Access Control

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed. id: CVE-2021-22017 info: name:...

5.3CVSS6.8AI score0.47642EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-1609

A flaw was found in Keycloak. When the JSON Web Token JWT authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...

8.1CVSS6.1AI score0.00506EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2 days ago4 views

CVE-2026-20150

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.8CVSS0.00222EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44715

As part of Cisco's ongoing commitment to proactive security and product quality, the Cisco RoomOS engineering team has conducted a comprehensive internal security review. This review resulted in a software hardening release that addresses multiple internally discovered vulnerabilities. The...

8.8CVSS6.1AI score0.00222EPSS
Exploits0References1
Rows per page
Query Builder