Lucene search
K

6 matches found

CVE
CVE
added 2026/06/02 8:27 a.m.16 views

CVE-2026-10549

CVE-2026-10549 describes an LDAP filter injection in Yandex Database leading to bypass of group membership checks and unauthorized access for an attacker with valid LDAP credentials. Affected product: Yandex Database before version 25.3.1.25. Root cause: LDAP filter injection in the authenticatio...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.16 views

CVE-2026-44426

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...

6.5CVSS0.00308EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 9:21 p.m.13 views

GHSA-756Q-GQ9H-FP22 n8n has Public API Variables IDOR that Allows Cross-Project Secret Disclosure

Impact An authenticated user with a valid API key scoped to variable:list could read variables from projects they are not a member of by supplying an arbitrary projectId query parameter to the public API variables endpoint. The handler queried the variables repository directly without enforcing...

7.7CVSS5.8AI score0.00203EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/31 6:47 a.m.1 views

Incomplete Comparison with Missing Factors

Overview Affected versions of this package are vulnerable to Incomplete Comparison with Missing Factors in the cryptocoreed25519isvalidpoint function when handling certain custom cryptography or untrusted data. An attacker can bypass intended cryptographic group membership checks by supplying...

4.5CVSS6.8AI score0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/24 8:1 a.m.5 views

CVE-2025-13767 Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin

Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...

4.3CVSS6.2AI score0.00165EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/09/16 5:28 a.m.2 views

(Plone): Anonymous users can list user account names

It was discovered that Plone, included as a part of luci, did not properly enforce permissions checks on the membership database. A remote attacker could use a specially crafted URL that, when processed, could allow the attacker to enumerate user account names...

5CVSS5.8AI score0.02118EPSS
Exploits0References4
Rows per page
Query Builder