Lucene search
K

136 matches found

Nuclei
Nuclei
•added 8 hours ago•66 views

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication. id: CVE-2021-27858 info: name:...

5.3CVSS6.2AI score0.02703EPSS
Exploits1References4
Vulnrichment
Vulnrichment
•added 6 days ago•3 views

CVE-2026-59704 Cap - Missing Access Control in Video AI Metadata Endpoint

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References5
Cvelist
Cvelist
•added 6 days ago•27 views

CVE-2026-59704 Cap - Missing Access Control in Video AI Metadata Endpoint

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS0.00216EPSS
Exploits0References5
Packet Storm
Packet Storm
•added 2026/06/29 12:0 a.m.•176 views

šŸ“„ ICagenda 3.9.14 / 4.0.7 Shell Upload

iCagenda, a popular events and calendar component for Joomla, contains an unauthenticated file upload vulnerability that allows remote attackers to upload and execute arbitrary PHP code on Joomla 6 sites. Versions 3.2.1 through 3.9.14 and 4.0.0 through 4.0.7 are affected.:1 CVE-2026-48939 -...

10CVSS6.2AI score0.01505EPSS
Exploits4
CVE
CVE
•added 2026/06/23 4:14 p.m.•13 views

CVE-2026-44957

The CVE-2026-44957 vulnerability affects Revive Adserver 6.0.6 and earlier, where a missing access control check in the XML-RPC API modify methods allowed entities to be reassigned to different parent entities, causing inconsistent ownership. The issue is exploitable only in combination with CVE-...

4.3CVSS5.9AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/23 4:14 p.m.•9 views

EUVD-2026-38502

A missing access control check when invoking various modify methods in the XML‑RPC API of Revive Adserver 6.0.6 and earlier. The API allowed entities to be reassigned to different parent entities, leading to inconsistent ownership relationships. This issue was exploitable only in combination with...

4.3CVSS5.8AI score0.0031EPSS
Exploits1References1
Cvelist
Cvelist
•added 2026/06/10 5:16 p.m.•32 views

CVE-2026-20259 Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability editsavedsearchowner could reassign sav...

5.5CVSS0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
•added 2026/06/10 12:0 a.m.•18 views

PT-2026-48499

🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...

5.5CVSS5.2AI score0.00189EPSS
Exploits0References3
NVD
NVD
•added 2026/05/19 10:16 a.m.•16 views

CVE-2026-46721

The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitrary frontend user group to a newly registered or edited account, gaining unauthorized access to...

6.9CVSS0.00352EPSS
Exploits0References1
Packet Storm
Packet Storm
•added 2026/04/10 12:0 a.m.•98 views

šŸ“„ Authentic 8 User Profile Insecure Direct Object Reference

Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
•added 2026/04/07 12:0 a.m.•6 views

PT-2026-30821

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.1 Description An authorization bypass exists in the AJAX endpoint used to download saved model artifacts. Due to missing access-control validation, a user without permissions to a specific experiment can directly...

5.3CVSS5.7AI score0.00362EPSS
Exploits2References10
OSV
OSV
•added 2026/03/27 3:35 p.m.•1 views

GHSA-26GM-93RW-CCHF Open WebUI has unauthorized deletion of knowledge files

Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

5.4CVSS6AI score0.00252EPSS
Exploits1References4
EUVD
EUVD
•added 2026/03/26 3:30 p.m.•3 views

EUVD-2025-209079

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

9.8CVSS5.8AI score0.00319EPSS
Exploits0References2
NVD
NVD
•added 2026/03/26 2:16 p.m.•6 views

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

9.8CVSS0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 2026/03/26 1:10 p.m.•1 views

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
•added 2026/03/26 12:0 a.m.•3 views

PT-2026-28286

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The application suffers from missing functional level access control, potentially allowing an attacker to escalate privileges and compromise the application. This could lead to th...

9.8CVSS5.8AI score0.00319EPSS
Exploits0References4
CNNVD
CNNVD
•added 2026/03/26 12:0 a.m.•8 views

OpenEMR å®‰å…Øę¼ę“ž

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
•added 2026/03/25 9:30 p.m.•3 views

EUVD-2025-209029

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS5.8AI score0.00147EPSS
Exploits0References2
NVD
NVD
•added 2026/03/25 9:16 p.m.•7 views

CVE-2025-36440

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.5CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/03/25 8:34 p.m.•22 views

CVE-2025-36440 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS0.00147EPSS
Exploits0References1
Rows per page
Query Builder