41 matches found
AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration
Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...
CVE-2026-27603 Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:projectid/chart/:chartid/filter is missing both verifyToken and checkPermissions middleware, allowing...
CVE-2025-15347
The Creator LMS WordPress plugin (
EUVD-2017-15312
Malware in sbrugna...
CVE-2023-27264
A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/playbookID API...
CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key
Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...
CVE-2023-27263 IDOR: Accessing playbook runs via the Playbooks Runs API
A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of...
CVE-2022-3501 Information exposure of template content due to missing check of permissions
Article template contents with sensitive data could be accessed from agents without permissions...
Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified
Summary IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerabilities. Vulnerability Details CVEID: CVE-2021-20254 DESCRIPTION: Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a coding error when converting...
Atlassian Jira 8.6.x < 8.12.2 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x 8.5.9 or 8.6.x 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...
RHEL 8 : samba (RHSA-2021:1647)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1647 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...
CVE-2020-36287
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check...
Open redirect
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check...
PT-2021-11994 · Atlassian · Jira +1
Name of the Vulnerable Software and Affected Versions: Jira Server versions prior to 8.13.5 Jira Server versions 8.14.0 through 8.15.0 Jira Data Center versions prior to 8.13.5 Jira Data Center versions 8.14.0 through 8.15.0 Description: The issue allows remote anonymous attackers to obtain gadge...
Design/Logic Flaw
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check...
SUSE SLES15 Security Update : samba (SUSE-SU-2020:3087-1)
This update for samba fixes the following issues : CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. CVE-2020-14323: Unprivileged user can crash winbind; bsc1173994. CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify bsc1173902...
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...
CVE-2020-14185
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...
CentOS 7 : kernel (RHSA-2020:1016)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size...