
Github Security Blog
added 2026/05/04 9:19 p.m.

AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration

Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...

AI score 5.8
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2026/03/06 4:07 a.m.

CVE-2026-27603 Chartbrew: Unauthenticated Chart Filter Endpoint: POST /project/:project_id/chart/:chart_id/filter missing verifyToken + checkPermissions

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the chart filter endpoint POST /project/:project_id/chart/:chart_id/filter is missing both verifyToken and checkPermissions middleware, allowing...

CVSS 8.7 · AI score 5.8 · EPSS 0.0042
Exploits 1 · References 2
CVE
added 2026/01/20 2:26 p.m.

CVE-2025-15347

The Creator LMS WordPress plugin (

CVSS 8.8 · AI score 5.7 · EPSS 0.00271
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m.

EUVD-2017-15312

Malware in sbrugna...

CVSS 7.8 · AI score 7.9 · EPSS 0.0029
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 2:26 a.m.

CVE-2023-27264

A missing permissions check in Mattermost Playbooks in Mattermost allows an attacker to modify a playbook via the /plugins/playbooks/api/v0/playbooks/playbookID API...

CVSS 7.1 · AI score 6.8 · EPSS 0.00502
Exploits 0 · References 1
Cvelist
added 2023/03/27 8:46 p.m.

CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key

Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client...

CVSS 6.4 · AI score 6.6 · EPSS 0.0034
Exploits 0 · References 2
Cvelist
added 2023/02/27 2:44 p.m.

CVE-2023-27263 IDOR: Accessing playbook runs via the Playbooks Runs API

A missing permissions check in the /plugins/playbooks/api/v0/runs API in Mattermost allows an attacker to list and view playbooks belonging to a team they are not a member of...

CVSS 4.3 · AI score 6.5 · EPSS 0.00499
Exploits 0 · References 1
Cvelist
added 2022/10/17 8:55 a.m.

CVE-2022-3501 Information exposure of template content due to missing check of permissions

Article template contents with sensitive data could be accessed from agents without permissions...

CVSS 3.5 · AI score 7.7 · EPSS 0.0044
Exploits 0 · References 1
IBM Security Bulletins
added 2021/10/14 4:55 p.m.

Security Bulletin: Multiple Samba vulnerability issues in IBM Storwize V7000 Unified

Summary: IBM Storwize V7000 Unified is shipped with Samba, for which a fix is available for security vulnerabilities. Vulnerability Details: CVEID: CVE-2021-20254. DESCRIPTION: Samba could allow a remote authenticated attacker to bypass security restrictions, caused by a coding error when converting...

CVSS 6.8 · AI score 0.8 · EPSS 0.01616
Exploits 0 · Affected Software 1
Tenable Nessus
added 2021/07/02 12:00 a.m.

Atlassian Jira 8.6.x < 8.12.2 Information Disclosure

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x < 8.5.9 or 8.6.x < 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...

CVSS 5.3 · AI score 5.6 · EPSS 0.01866
Exploits 0 · References 2
Tenable Nessus
added 2021/05/19 12:00 a.m.

RHEL 8 : samba (RHSA-2021:1647)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1647 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

CVSS 10 · AI score 7.8 · EPSS 0.99512
Exploits 75 · References 22
NVD
added 2021/04/09 2:15 a.m.

CVE-2020-36287

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check...

CVSS 5.3 · EPSS 0.08951
Exploits 1 · References 1
Prion
added 2021/04/09 2:15 a.m.

Open redirect

The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check...

CVSS 5 · AI score 5.1 · EPSS 0.08951
Exploits 1 · References 1 · Affected Software 4
Positive Technologies
added 2021/04/09 12:00 a.m.

PT-2021-11994 · Atlassian · Jira +1

Name of the Vulnerable Software and Affected Versions: Jira Server versions prior to 8.13.5; Jira Server versions 8.14.0 through 8.15.0; Jira Data Center versions prior to 8.13.5; Jira Data Center versions 8.14.0 through 8.15.0. Description: The issue allows remote anonymous attackers to obtain gadge...

CVSS 5.3 · AI score 5 · EPSS 0.08951
Exploits 1 · References 7
Prion
added 2021/04/01 3:15 a.m.

Design/Logic Flaw

The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to determine if a username is valid or not via a missing permissions check...

CVSS 5 · AI score 5.2 · EPSS 0.01591
Exploits 0 · References 1 · Affected Software 4
Tenable Nessus
added 2020/12/09 12:00 a.m.

SUSE SLES15 Security Update : samba (SUSE-SU-2020:3087-1)

This update for samba fixes the following issues: CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records (bsc#1177613). CVE-2020-14323: Unprivileged user can crash winbind (bsc#1173994). CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify (bsc#1173902)...

CVSS 6.5 · AI score 6.8 · EPSS 0.0218
Exploits 0 · References 10
OSV
added 2020/10/15 10:15 p.m.

CVE-2020-14185

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...

CVSS 5.3 · AI score 6.1 · EPSS 0.01866
Exploits 0 · References 1
NVD
added 2020/10/15 10:15 p.m.

CVE-2020-14185

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...

CVSS 5.3 · EPSS 0.01866
Exploits 0 · References 1
Cvelist
added 2020/10/15 9:25 p.m.

CVE-2020-14185

Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2...

AI score 5.3 · EPSS 0.01866
Exploits 0 · References 1
Tenable Nessus
added 2020/04/10 12:00 a.m.

CentOS 7 : kernel (RHSA-2020:1016)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1016 advisory. - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size...

CVSS 9.8 · AI score 7.8 · EPSS 0.12651
Exploits 8 · References 26