Lucene search
K

3408 matches found

Nuclei
Nuclei
added 17 hours ago48 views

Atlassian Jira <7.13.3/8.0.0-8.1.1 - Incorrect Authorization

Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifyi...

5.3CVSS6.4AI score0.12719EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago299 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7.1AI score0.70589EPSS
Exploits1References5
OSV
OSV
added 5 days ago3 views

PYSEC-2026-735 Improper Restriction of XML External Entity Reference in Plone

Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata therefore, only available to the Manager role...

8.8CVSS6AI score0.01066EPSS
Exploits0References7
NVD
NVD
added last week6 views

CVE-2026-9106

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

5.5CVSS0.00176EPSS
Exploits0References6
Cvelist
Cvelist
added last week34 views

CVE-2026-9106 UI misrepresentation vulnerability in GitHub Enterprise Server allowed unauthorized organization runner management via undisclosed OAuth scope on consent screen

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS0.00176EPSS
Exploits0References6
EUVD
EUVD
added last week7 views

EUVD-2026-40407

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed an OAuth application to gain unintended access to an organization's runner management. An attacker could exploit this by creating an OAuth application requesting the managerunners:org scope and directing ...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References5
CVE
CVE
added last week12 views

CVE-2026-9106

The CVE-2026-9106 issue concerns GitHub Enterprise Server where a UI misrepresentation allowed an OAuth app to gain unauthorized access to an organization’s runner management. A victim could be tricked into authorizing an app requesting the manage_runners:org scope because the scope was not shown...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/30 1:18 p.m.9 views

CVE-2026-4629

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS0.0024EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/30 12:0 p.m.6 views

EUVD-2026-40300

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS5.7AI score0.0024EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/30 12:0 p.m.35 views

CVE-2026-4629 Keycloak: keycloak: privilege escalation through hardcoded role mapper injection

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS0.0024EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-574 wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

Summary The resetuserpassword and gympermissionsuseredit views in wger perform a gym-scope authorization check using Python object comparison != that evaluates None != None as False, silently bypassing the guard when both the attacker and victim have no gym assignment gym=None. A user with...

9.9CVSS6AI score0.00371EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/29 7:30 a.m.32 views

CVE-2026-13547 Hanwang e-Face General Management Platform upload.do unrestricted upload

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The...

7.5CVSS0.00278EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/26 3:58 p.m.6 views

EUVD-2026-39795

Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction. Attackers can...

8.8CVSS6.2AI score0.00479EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:54 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736

Summary IBM Maximo Application Suite - Manage Component uses ws-8.17.1 in inspections application which is vulnerable to CVE-2026-45736. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-45736 DESCRIPTION: ws is an open source...

7.5CVSS5.8AI score0.00717EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 8:1 a.m.3 views

Security Bulletin: There is a vulnerability in urllib3-2.6.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-44431)

Summary There is a vulnerability in urllib3-2.6.3-py3-none-any.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-44431 DESCRIPTION: urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followe...

8.9CVSS5.8AI score0.0068EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2026/06/25 7:9 p.m.18 views

CVE-2026-57521 Bitwarden Server < 2026.5.0 Broken Access Control via PreviewInvoiceController

Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...

5.3CVSS0.00248EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/25 7:8 p.m.19 views

CVE-2026-57520 Bitwarden Server < 2026.5.0 Privilege Escalation via Bulk User Remove Endpoint

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS0.00354EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:8 p.m.5 views

CVE-2026-57520

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS5.9AI score0.00354EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/25 7:8 p.m.5 views

EUVD-2026-39541

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS5.9AI score0.00354EPSS
Exploits1References5
CVE
CVE
added 2026/06/25 7:8 p.m.22 views

CVE-2026-57520

Bitwarden Server prior to 2026.5.0 is affected by a privilege-escalation vulnerability in the bulk user-remove endpoint. The issue arises from a missing role hierarchy check, allowing authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by supplying...

7.1CVSS5.9AI score0.00354EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder