Lucene search
K

254 matches found

Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30821

Name of the Vulnerable Software and Affected Versions MLflow versions prior to 3.10.1 Description An authorization bypass exists in the AJAX endpoint used to download saved model artifacts. Due to missing access-control validation, a user without permissions to a specific experiment can directly...

5.3CVSS5.7AI score0.00362EPSS
Exploits2References10
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.7 views

WordPress plugin Pie Register – User Registration, Profiles & Content Restriction 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.8AI score0.00284EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 3:35 p.m.1 views

GHSA-26GM-93RW-CCHF Open WebUI has unauthorized deletion of knowledge files

Summary An access control check is missing when deleting a file from a knowledge base. The only check being done is that the user has write access to the knowledge base or is admin, but NOT that the file actually belongs to this knowledge base. It is thus possible to delete arbitrary files from...

5.4CVSS6AI score0.00252EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/26 3:30 p.m.3 views

EUVD-2025-209079

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

9.8CVSS5.8AI score0.00319EPSS
Exploits0References2
NVD
NVD
added 2026/03/26 2:16 p.m.6 views

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

9.8CVSS0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:10 p.m.1 views

CVE-2025-55261

HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28286

Name of the Vulnerable Software and Affected Versions HCL Aftermarket DPC affected versions not specified Description The application suffers from missing functional level access control, potentially allowing an attacker to escalate privileges and compromise the application. This could lead to th...

9.8CVSS5.8AI score0.00319EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 9:30 p.m.3 views

EUVD-2025-209029

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS5.8AI score0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 9:16 p.m.6 views

CVE-2025-36440

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.5CVSS0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 8:34 p.m.1 views

CVE-2025-36440 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS5.8AI score0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 8:34 p.m.19 views

CVE-2025-36440

CVE-2025-36440 affects IBM Concert versions 1.0.0 through 2.2.0. The vulnerability arises from missing function-level access control, enabling a local user to obtain sensitive information. The NVD entry and CVE records corroborate the vendor-reported impact and scope. The provided metrics indicat...

5.5CVSS5.8AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/25 8:34 p.m.22 views

CVE-2025-36440 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-28116

IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control...

5.1CVSS5.8AI score0.00147EPSS
Exploits0References2
NVD
NVD
added 2026/03/20 12:16 a.m.4 views

CVE-2026-29189

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL Access Control List checks on several endpoints, allowing authenticated users to access and manipulate data they...

8.1CVSS0.00321EPSS
Exploits0References2
Veracode
Veracode
added 2026/03/14 5:26 a.m.7 views

Information Disclosure

Glances is vulnerable to Information Disclosure. The vulnerability is due to missing access control and filtering in the /api/4/config endpoint, which returns the full configuration including sensitive data such as passwords, API tokens, and cryptographic keys...

8.7CVSS5.8AI score0.01657EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.6 views

PT-2026-25185

Missing Authorization vulnerability in raratheme Construction Landing Page construction-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Construction Landing Page: from n/a through = 1.4.1...

5.3CVSS5.8AI score0.00224EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.5 views

WordPress plugin Social Icons Widget & Block by WPZOOM 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.8AI score0.00207EPSS
Exploits0References5
OSV
OSV
added 2026/03/01 1:24 a.m.4 views

GHSA-RFPP-2HGM-GP5V Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

6.5CVSS6AI score0.00264EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.5 views

CVE-2026-27954

Live Helper Chat is an open-source application that enables live support websites. In versions up to and including 4.52, three chat action endpoints holdaction.php, blockuser.php, and transferchat.php load chat objects by ID without calling erLhcoreClassChat::hasAccessToRead, allowing operators t...

7.1CVSS5.3AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder