Lucene search
K

69 matches found

OSV
OSV
added 2026/06/29 6:1 a.m.4 views

BIT-GITLAB-2026-3176 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS5.8AI score0.00182EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-3176

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS0.00182EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 4:34 a.m.38 views

CVE-2026-3176 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with limited permissions to access project information due to insufficient authorization...

3.1CVSS0.00182EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.16 views

GitLab 18.6 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-3176)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

3.1CVSS5.9AI score0.00182EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-26289

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS5.4AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-35555

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

7CVSS5.4AI score0.00154EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 3:9 p.m.41 views

CVE-2026-32906 OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate

OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin...

4.3CVSS0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 12:48 a.m.9 views

EUVD-2026-29831

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

7CVSS5.8AI score0.00154EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 10:16 p.m.12 views

CVE-2026-26289

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS0.00135EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 8:48 p.m.7 views

CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

7CVSS5.8AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 8:48 p.m.33 views

CVE-2026-35555 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

7CVSS0.00154EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:48 p.m.6 views

CVE-2026-35555

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

7CVSS5.8AI score0.00154EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2026/05/12 8:48 p.m.16 views

CVE-2026-35555

CVE-2026-35555 affects Subnet Solutions PowerSYSTEM Center: the device project groups feature permits an authenticated user with limited permissions to perform an unauthorized deletion of project groups. The description identifies an authorization issue in the project groups workflow without deta...

7CVSS5.8AI score0.00154EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40442

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups...

7CVSS5.8AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40435

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 2026/02/09 11:16 a.m.9 views

PYSEC-2026-11

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

6.5CVSS5.7AI score0.00382EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/30 9:23 p.m.5 views

CVE-2026-22806

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...

9.1CVSS5.9AI score0.00444EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/29 7:54 p.m.4 views

CVE-2026-22806 vCluster Platform's Access Keys Allows Access Beyond Scope

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created with a limited scope, the scope can be bypassed to access resources outside of it. However, the user...

9.1CVSS5.9AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/16 2:23 p.m.6 views

CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...

6.5CVSS6.9AI score0.00284EPSS
Exploits0References1
NVD
NVD
added 2026/01/15 1:16 p.m.7 views

CVE-2026-22914

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation...

6.5CVSS0.00284EPSS
Exploits0References6
Rows per page
Query Builder