Lucene search
K

2089 matches found

NVD
NVD
added yesterday4 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

8.5CVSS6AI score
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-40141

Technical details (affected product versions, root cause, fixes) are not publicly available in the provided documents; monitor for updates.

8.5CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added yesterday35 views

CData Sync < 23.4.8843 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...

8.6CVSS7.2AI score0.02909EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago54 views

EUVD-2026-32710

Keycloak has privilege escalation via improper scope mapping enforcement...

7.3CVSS5.8AI score0.00292EPSS
Exploits0References12
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-54263 Wagtail: Reflected XSS in dynamic image URL generator view

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 6 days ago11 views

CVE-2026-54263

Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: &lt; 7.0.8, &lt; 7.3.3,

7.3CVSS5.5AI score0.00203EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40427

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References3
NVD
NVD
added last week5 views

CVE-2026-56230

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added last week11 views

CVE-2026-56230

Capgo before 12.128.2 contains a Broken Object Level Authorization vulnerability in the middlewareKey() function. The flaw accepts the client-controlled x-limited-key-id header without ownership validation, enabling authenticated users to adopt cross-tenant limited keys and bypass authorization c...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added last week22 views

CVE-2026-56230 Capgo - Broken Object Level Authorization via x-limited-key-id Header

Capgo before 12.128.2 contains a broken object level authorization vulnerability in middlewareKey that accepts the client-controlled x-limited-key-id header without validating ownership, allowing authenticated users to adopt cross-tenant limited keys. Attackers can supply another tenant's limited...

8.8CVSS0.00322EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-48313

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read and limited write access. An attacker could exploit this vulnerability to access sensitive...

9.3CVSS0.00479EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added last week7 views

CVE-2026-12388

A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References3
CVE
CVE
added last week11 views

CVE-2026-12388

CVE-2026-12388 affects Keycloak’s Identity Provider (IdP) mapper component. A restricted administrator can abuse a misconfigured or specifically a Hardcoded Role mapper to assign high-privilege roles (e.g., realm-admin) to themselves or other users, bypassing security checks and gaining full cont...

6.5CVSS5.8AI score0.00233EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54023

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An issue exists in the middlewareKey function where the system accepts the client-controlled x-limited-key-id header without validating ownership. This allows authenticated users to adopt limited ke...

8.8CVSS5.8AI score0.00322EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 6:16 p.m.7 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 5:24 p.m.6 views

EUVD-2026-40144

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 p.m.6 views

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6AI score0.00239EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.34 views

CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.7 views

keycloak: Group-Admin Escalation to Realm-Admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References4
Rows per page
Query Builder