
104 matches found

RedhatCVE
added 2026/03/26 3:10 p.m. · 4 views

CVE-2026-1267

IBM Planning Analytics Local 2.1.0 through 2.1.17 could allow unauthorized access to sensitive application data and administrative functionalities due to lack of proper access controls...

6.5 CVSS · 5.8 AI score · 0.0033 EPSS
Exploits 0 · References 1
NCSC
added 2026/03/20 3:56 p.m. · 10 views

Vulnerability fixed in Oracle Identity Manager and Oracle Web Services Manager

Oracle has fixed a vulnerability in two components of Fusion Middleware, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability comes from insufficient access controls within Oracle Identity Manager and Oracle Web Services Manager, allowing unauthenticated remote attackers to...

9.8 CVSS · 6.3 AI score · 0.01008 EPSS
Exploits 1 · References 2
NVD
added 2026/01/24 3:16 a.m. · 14 views

CVE-2026-24422

phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...

7.5 CVSS · 0.00375 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-3867

Malware in sbrugna...

7.5 CVSS · 7.8 AI score · 0.01709 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/05/22 3:14 p.m. · 7 views

CVE-2020-15411

An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader...

9.8 CVSS · 6.9 AI score · 0.01449 EPSS
Exploits 0
Veracode
added 2025/05/09 6:34 a.m. · 18 views

Unauthorized Access

github.com/inspektor-gadget/inspektor-gadget is vulnerable to unauthorized access. The vulnerability is due to insufficient access controls caused by reliance on client access with valid TLS certificates or cluster access in daemon or Kubernetes modes, which allows an attacker to gain unauthorized access ...

7.3 AI score
Exploits 0
Vulnrichment
added 2025/04/21 3:12 p.m. · 17 views

CVE-2025-2298 Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software

An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability exists due to...

8.4 CVSS · 6.6 AI score · 0.00286 EPSS
Exploits 0 · References 1
CVE
added 2025/04/16 11:6 p.m. · 86 views

CVE-2025-1568

CVE-2025-1568 is a Gerrit-based supply‑chain and access-control vulnerability in Google ChromeOS Gerrit project configuration (ChromiumOS, ChromeOS 16063.87.0) characterized by misconfigurations in Gerrit’s project.config, permissive default addPatchSet, and a race window that enables malicious p...

8.8 CVSS · 8.8 AI score · 0.00353 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2025/04/10 5:24 a.m. · 9 views

Incorrect Authorization

drupal/core package is vulnerable to Incorrect Authorization. The vulnerability is due to insufficient access controls. This allows forceful browsing in certain core versions, enabling attackers to access restricted resources...

4.6 CVSS · 6.5 AI score · 0.00293 EPSS
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2025/02/17 5:42 a.m. · 24 views

Improper Authorization

magento/community-edition and magento/project-community-edition are vulnerable to Improper Authorization. The vulnerability is due to insufficient access controls due to improper authorization enforcement, allowing an attacker to bypass security measures and escalate privileges, potentially leadi...

9.1 CVSS · 7 AI score · 0.15857 EPSS
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2025/01/27 12:0 a.m. · 3 views

PT-2025-5303 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.3; macOS versions prior to 14.7.3; macOS versions prior to 15.3
Description: The issue is related to insufficient access restrictions in the PackageKit component of macOS, which may allow a remote attacker to elevat...

10 CVSS · 6.5 AI score · 0.00628 EPSS
Exploits 0 · References 13
Positive Technologies
added 2024/11/14 12:0 a.m. · 4 views

PT-2024-8168 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions up to 130.0.2849.46
Description: The Chromium-based version of Microsoft Edge has an information disclosure issue related to insufficient access controls, allowing a remote attacker to disclose protected...

6.4 CVSS · 6.7 AI score · 0.00503 EPSS
Exploits 0 · References 11
Veracode
added 2024/10/15 7:8 a.m. · 8 views

Insecure Direct Object Reference (IDOR)

Open-webui/open-webui is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is caused by insufficient access controls in the API, which fail to validate user permissions, allowing unauthorized users to manipulate restricted data...

6.5 CVSS · 6.6 AI score · 0.00357 EPSS
Exploits 1 · References 4 · Affected Software 1
CNNVD
added 2024/09/05 12:0 a.m. · 7 views

SuiteCRM Security Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. SuiteCRM has a security vulnerability that stems from insufficient access control checks. An attacker exploited the vulnerability to delete records via the API...

7.7 CVSS · 6.6 AI score · 0.00278 EPSS
Exploits 0 · References 3
Veracode
added 2024/07/24 5:50 a.m. · 13 views

Unauthorized Access

alextselegidis/easyappointments is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /providers/providerId endpoints, allowing a low privileged user to fetch, modify, or delete a privileged user's data...

9.9 CVSS · 6.6 AI score · 0.004 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2024/07/10 7:33 a.m. · 15 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access controls on the GET, PUT, and DELETE methods for /appointments/appointmentId, allowing a low-privileged user to fetch, modify, or delete any user's appointment, including those ...

9.9 CVSS · 7 AI score · 0.00415 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2024/07/05 9:33 a.m. · 13 views

Arbitrary File Deletion

gogs.io/gogs is vulnerable to Arbitrary File Deletion. The vulnerability is due to insufficient access controls, allowing unauthorized users to delete internal files on the host...

9.9 CVSS · 6.7 AI score · 0.50697 EPSS
Exploits 0 · References 2 · Affected Software 2
Veracode
added 2024/05/16 8:8 a.m. · 21 views

Unauthorized Data Access

Klaviyo Magento 2 is vulnerable to Unauthorized Data Access. The vulnerability is due to insufficient access controls in an endpoint, allowing attackers to read private customer data from stores by reclaiming guest-carts and accessing order details via the Magento API...

6.9 AI score
Exploits 0
Positive Technologies
added 2024/04/09 12:0 a.m. · 4 views

PT-2024-4666 · Microsoft · Azure Arc-Enabled Kubernetes Extension Cluster

Name of the Vulnerable Software and Affected Versions: Azure Arc-enabled Kubernetes Extension Cluster (affected versions not specified)
Description: The issue is related to insufficient access controls in Azure Arc-enabled Kubernetes extensions, which can be exploited by a remote attacker to elevat...

6.2 CVSS · 9 AI score · 0.00888 EPSS
Exploits 0 · References 5
Veracode
added 2024/03/29 11:27 a.m. · 29 views

Insecure Direct Object Reference (IDOR)

pimcore/pimcore is vulnerable to Insecure Direct Object Reference (IDOR). This vulnerability is due to insufficient access controls and improper handling of session information within the Pimcore platform. Specifically, the flaw arises from the platform's failure to properly restrict access to...

6.5 CVSS · 6.5 AI score · 0.00713 EPSS
Exploits 2 · References 2 · Affected Software 1