Lucene search
K

188 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42536

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
NVD
NVD
added 2026/07/07 5:16 a.m.11 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 3:48 a.m.32 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS0.00153EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 5:16 p.m.10 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS0.00478EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 4:13 p.m.21 views

CVE-2026-40141

CVE-2026-40141 affects the web application component of BeyondTrust Remote Support and Privileged Remote Access. The issue stems from insufficient validation of user-supplied input, which could allow an authenticated attacker with limited privileges to access resources or data beyond their author...

9.9CVSS6AI score0.00478EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2026/05/19 1:23 p.m.19 views

EUVD-2025-209895

A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malicious remote strategies containing HTML tags through the sync. When a victim views the affected remo...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 5:16 p.m.33 views

CVE-2026-41085

Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...

8.8CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/18 12:0 a.m.9 views

CVE-2026-41085

Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...

5.8AI score0.0026EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions Corporation. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center, which allows authenticated users with limited privileges to perform unauthorized project group deletions...

7CVSS5.8AI score0.00154EPSS
Exploits0References1
CVE
CVE
added 2026/04/27 6:10 p.m.19 views

CVE-2026-25908

Affected product: Dell Alienware Command Center (AWCC). Versions prior to 6.13.8.0 are vulnerable to an Execution with Unnecessary Privileges flaw that can allow a local, low-privilege attacker to achieve Elevation of Privileges. Several connected sources corroborate the issue and reference the D...

7.8CVSS5.3AI score0.00093EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/04/08 4:41 p.m.42 views

CVE-2026-33461

Kibana Fleet contains an Incorrect Authorization (CWE-863) flaw that allows a user with limited Fleet privileges to call an internal API endpoint and obtain full configuration objects, bypassing authorization checks in the dedicated settings APIs. The endpoint assembles a response by fetching com...

7.7CVSS5.9AI score0.00282EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 4:41 p.m.4 views

CVE-2026-33461 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to information disclosure via Privilege Abuse CAPEC-122. A user with limited Fleet privileges can exploit an internal API endpoint to retrieve sensitive configuration data, including private keys and authentication tokens, that should only be...

7.7CVSS5.9AI score0.00282EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/30 6:31 p.m.5 views

EUVD-2026-17115

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 4:16 p.m.9 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS0.00203EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/30 4:16 p.m.9 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 4:16 p.m.4 views

UBUNTU-CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.8AI score0.00203EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/30 3:28 p.m.4 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

6CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/30 3:28 p.m.36 views

CVE-2026-5170

CVE-2026-5170 – summary : MongoDB Server is affected by a vulnerability where a user with limited privileges can cause a mongod crash during the window when a cluster is promoted from a replica set to a sharded cluster, resulting in a denial of service on the primary. Affected versions are MongoD...

6CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
FreeBSD
FreeBSD
added 2026/03/30 12:0 a.m.7 views

MongoDB Server -- CWE-617: Reachable Assertion

https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of amongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...

6CVSS5.9AI score0.00203EPSS
Exploits0References1
Rows per page
Query Builder