15 matches found

Positive Technologies
added 2026/06/25 12:00 a.m., 13 views

PT-2026-52574

Name of the Vulnerable Software and Affected Versions Bitwarden Server versions prior to 2026.5.0 Description An issue exists where authenticated Custom users with the ManageUsers permission can escalate privileges to remove Admin accounts from an organization. This occurs due to a missing role...

CVSS 7.1, AI score 5.8, EPSS 0.00277
Exploits 1, References 8

EUVD
added 2026/06/23 3:34 p.m., 9 views

EUVD-2026-38463

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

CVSS 7.1, AI score 5.9, EPSS 0.00213
Exploits 0, References 3

NVD
added 2026/06/10 3:16 p.m., 11 views

CVE-2026-45549

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post('/agent/action/') and @jwtrequired only — no role check, no group ownership check on the serverip form...

CVSS 8.5, EPSS 0.00199
Exploits 0, References 1

Positive Technologies
added 2026/05/29 12:00 a.m., 11 views

PT-2026-45063

Summary Type: Authorization bypass enabling owner lockout. The DELETE /workspaces/workspace id/members/user id endpoint is gated only by require workspace memberworkspace id default min role="member". Any member can remove any other member, including the workspace owner, using a single DELETE...

CVSS 8.1, AI score 5.8, EPSS 0.00041
Exploits 0, References 3

RedhatCVE
added 2026/05/28 8:12 p.m., 16 views

CVE-2026-46425

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

CVSS 9.9, AI score 5.8, EPSS 0.00286
Exploits 0, References 1

CNNVD
added 2026/05/27 12:00 a.m., 8 views

Budibase security vulnerability

Budibase is an open-source low-code platform developed by Budibase in the UK. It allows for the creation of internal applications, workflows, and management panels within minutes. Versions of Budibase prior to 3.38.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of...

CVSS 9.9, AI score 5.9, EPSS 0.00286
Exploits 0, References 3

Vulnrichment
added 2026/05/08 7:23 p.m., 13 views

CVE-2026-42185 People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation

People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user including users with no current domain access to the...

CVSS 5.5, AI score 5.8, EPSS 0.00263
Exploits 0, References 3

Cvelist
added 2026/05/08 7:23 p.m., 38 views

CVE-2026-42185 People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation

People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted invitation request to promote any existing user including users with no current domain access to the...

CVSS 5.5, EPSS 0.00263
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2009-0010

Malware in sbrugna...

CVSS 7.5, AI score 6.1, EPSS 0.01968
Exploits 1, References 12

CVE
added 2025/09/02 7:48 p.m., 13 views

CVE-2025-6685

ATEN eco DC contains a missing authorization flaw in its web-based interface that can enable privilege escalation. The issue arises from not validating the assigned user role when handling requests, allowing an attacker with network access to escalate privileges to restricted resources; authentic...

CVSS 8.8, AI score 6.6, EPSS 0.00654
Exploits 0, References 2, Affected Software 1

CNNVD
added 2025/07/01 12:00 a.m., 8 views

WordPress plugin Opal Estate Pro security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 9.8, AI score 6.3, EPSS 0.22334
Exploits 12, References 5

OSV
added 2024/02/14 5:15 p.m., 3 views

CVE-2024-24966

When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5.5, AI score 5.8, EPSS 0.00203
Exploits 0, References 1

CNNVD
added 2022/06/13 12:00 a.m., 3 views

Couchbase Server authorization vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in versions of Couchbase Server prior to 7.0.4, which stems from a lack of role checki...

CVSS 7.5, AI score 7.3, EPSS 0.00957
Exploits 0, References 4

Cvelist
added 2022/06/01 7:45 p.m., 38 views

CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package

Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package, which are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP bleve/http handlers fo...

CVSS 6.2, AI score 6.6, EPSS 0.00332
Exploits 0, References 3

CNNVD
added 2022/04/21 12:00 a.m., 5 views

Sourcecodester Baby Care System SQL injection vulnerability

Sourcecodester Baby Care System is an application of the Sourcecodester community in the United States. Sourcecodester Baby Care System v1.0 contains a SQL injection vulnerability that originates in /admin/siteoptions.php & action=displaygoal & value=1 & roleid= where the roleid parameter is...

CVSS 9.8, AI score 6.2, EPSS 0.01185
Exploits 1, References 2