Lucene search
K

5660 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.3 views

Security Bulletin: Vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Handlebars, Apache MINA and Apache Tomcat. Vulnerabilities include an authorization bypass, providing the power necessary to let users build semantic templates, allowing arbitrary code to be...

9.8CVSS6.5AI score0.0178EPSS
Exploits5Affected Software1
Cvelist
Cvelist
added 2026/06/26 4:9 p.m.34 views

CVE-2026-11779 PayloadCMS 3.84.1 - Authenticated account lockout bypass through default unlock access

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

5.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 4:9 p.m.8 views

EUVD-2026-39799

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:9 p.m.7 views

CVE-2026-11779

An Improper Authorization vulnerability exists in PayloadCMS version 3.84.1 due to insufficient access control on the account unlock operation...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/26 4:9 p.m.13 views

CVE-2026-11779

Technical details about CVE-2026-11779 are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:17 p.m.9 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

7.5CVSS0.00159EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.41 views

CVE-2026-57923

In JetBrains YouTrack before 2026.2.16593 improper authorisation in the app configurations endpoint allowed modifying project settings...

5.3CVSS0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52703

Name of the Vulnerable Software and Affected Versions JetBrains YouTrack versions prior to 2026.2.16593 Description Improper authorization in the app configurations endpoint allows for the modification of project settings. Recommendations Update JetBrains YouTrack to version 2026.2.16593 or later...

7.5CVSS5.8AI score0.00159EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.5 views

FreeBSD : Gitlab -- Vulnerabilities (ee1e7aef-7117-11f1-873f-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ee1e7aef-7117-11f1-873f-2cf05da270f3 advisory. Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site...

8.7CVSS5.7AI score0.00328EPSS
Exploits0References15
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/25 6:43 p.m.5 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization through the web archive download endpoint. An attacker can access resources beyond their authorized token scope by sending crafted requests to this endpoint. Remediation Upgrade...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/25 7:15 a.m.8 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when accessing workflow instance information, where users can retrieve workflow details from projects they are not authorized to access...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/25 5:21 a.m.10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to a missing authorization check in the DataSource API, where requests are not properly validated before returning data source metadata, allowing unauthorized users to disclose sensitive data source...

9.8CVSS5.7AI score0.0039EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/25 5:20 a.m.7 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks when deleting task definitions, where users with valid system login privileges can delete task definitions in projects they are not authorized to manage...

4.9CVSS5.8AI score0.00437EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2026/06/25 5:18 a.m.10 views

Improper Authorization

Apache DolphinScheduler is vulnerable to Improper Authorization. The vulnerability is due to incorrect authorization checks in the experimental /v2 interface, where insufficient access control allows attackers to perform unauthorized actions or access protected resources...

9.1CVSS5.9AI score0.00337EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/25 4:34 a.m.106 views

CVE-2026-2238

CVE-2026-2238 affects GitLab CE/EE, impacting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. An unauthorized user could view confidential issue references on public projects due to improper authorization checks. The issue is mitigated in GitLab releases 18.11.6...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.6 views

CVE-2026-12770

A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability...

8.8CVSS5.9AI score0.00337EPSS
Exploits1References8
FreeBSD
FreeBSD
added 2026/06/24 12:0 a.m.6 views

Gitlab -- Vulnerabilities

Gitlab reports: Cross-site Scripting issue in Analytics Dashboard impacts GitLab EE Cross-site Scripting issue in Web IDE workbench asset handler impacts GitLab CE/EE Information Disclosure issue in Duo Workflows impacts GitLab EE Authorization Bypass issue in Virtual Registry Cleanup Policy API...

8.7CVSS5.6AI score0.00328EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 6:17 p.m.3 views

Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...

9.8CVSS6.1AI score0.00259EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/23 5:33 p.m.3 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the session management endpoint. An attacker can access session credentials of other users, including those with higher privileges, by making authenticated requests with knowledge of a target user's identity...

8.5CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder