21209 matches found
CVE-2026-43638
Bitwarden Server before 2026.4.1 contains a missing authorization vulnerability that lets any authenticated user write ciphers into an arbitrary organization via POST /ciphers/import-organization by submitting an empty collections array, bypassing the server-side permission check. Affected produc...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid process. An attacker can modify messages authored by other users by sending a request to the message update endpoint with only read permissions in a standard...
Missing Authorization
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Missing Authorization in the updatemessagebyid and deletemessagebyid endpoints due to missing ownership validation for messages. An attacker can alter or remove messages belonging to other users by sending...
EUVD-2026-29044
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0 contain a missing authorization vulnerability. A low-privilege attacker with remote access could exploit this to achieve elevation of privileges. The issue is tied to the platform’s access controls and is addressed by Dell’s security update/patch...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-32658
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
PT-2026-39891
Name of the Vulnerable Software and Affected Versions MantisBT affected versions not specified Description A missing authorization check in the file visibility function allows any authenticated user with REPORTER level access or higher to download attachments from private bugnotes they are not...
PT-2026-39586
Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...
PT-2026-39716
Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via POST /providers/providerId/clients/existing, resulting in takeover of the target organization; self-hosted installations ar...
CVE-2025-15634
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
CVE-2025-15634 HCL BigFix WebUI is affected by a missing authorization vulnerability
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
EUVD-2025-209754
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
CVE-2025-15634
CVE-2025-15634: In HCL BigFix WebUI, a missing authorization flaw lets an authenticated user with LOW privileges view sensitive environmental information via direct URL access to an unauthorized page. Impact: confidentiality (environmental data) exposed; attack vector: network; complexity: low; r...
CVE-2025-15634
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized page...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization due to the absence of authentication and authorization checks in the UPI management interface. An attacker can gain unauthorized access to read, modify, or delete UP-node and link topology data by sending...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the DeleteUpNodeLink process. An attacker can cause the application to crash and alter the in-memory user-plane topology by sending unauthenticated DELETE requests to the affected endpoint. Remediation...