Lucene search

13 matches found

Snyk
added 2026/06/16 5:34 p.m. · 5 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...

CVSS 8.8 · AI score 5.9 · EPSS 0.00245
Exploits: 0 · References: 2
NVD
added 2026/05/19 11:16 p.m. · 16 views

CVE-2026-34579

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior are vulnerable to Authorization Bypass through the private issue monitoring feature. Using a crafted POST request to bugmonitoradd.php, a user with project-level access can add themselves as a monitor for a...

CVSS 5.3 · EPSS 0.00363
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2024-54667

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.3 · EPSS 0.00344
Exploits: 0 · References: 2
OSV
added 2025/06/14 5:44 a.m. · 2 views

BIT-KIBANA-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 8.8 · AI score 7.4 · EPSS 0.00344
Exploits: 0 · References: 2
OSV
added 2025/06/14 5:38 a.m. · 2 views

BIT-ELK-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 8.8 · AI score 7.4 · EPSS 0.00344
Exploits: 0 · References: 2
RedhatCVE
added 2025/06/12 5:5 p.m. · 5 views

CVE-2024-43706

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6 · AI score 7.3 · EPSS 0.00344
Exploits: 0 · References: 1
NVD
added 2025/06/10 5:19 p.m. · 17 views

CVE-2024-43706

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 8.8 · EPSS 0.00344
Exploits: 0 · References: 1
Cvelist
added 2025/06/10 4:59 p.m. · 9 views

CVE-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6 · EPSS 0.00344
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/10 4:59 p.m. · 6 views

CVE-2024-43706 Kibana Improper Authorization

Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint...

CVSS 7.6 · AI score 7.1 · EPSS 0.00344
Exploits: 0 · References: 1
CVE
added 2025/06/10 4:59 p.m. · 64 views

CVE-2024-43706

Kibana has a vulnerability CVE-2024-43706 described as Improper authorization that enables privilege abuse through a direct HTTP request to a Synthetic monitor endpoint. Multiple sources summarize that affected versions include Kibana up to 8.12.0, with a fix released in 8.12.1 (ESA-2024-21). The...

CVSS 8.8 · AI score 7.5 · EPSS 0.00344
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2025/06/10 12:0 a.m. · 4 views

PT-2025-24819 · Elastic · Kibana

Name of the Vulnerable Software and Affected Versions: Elasticsearch Kibana, affected versions not specified. Description: The issue is related to improper authorization in Kibana, which can be exploited to abuse privileges. This can be achieved by sending a direct HTTP request to a Synthetic monit...

CVSS 8 · AI score 5.9 · EPSS 0.00344
Exploits: 0 · References: 8
CNNVD
added 2025/01/13 12:0 a.m. · 3 views

Selesta Visual Access Manager Security Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple parameters of /monitor/snormalizedtrans.php...

CVSS 3.8 · AI score 8 · EPSS 0.00309
Exploits: 0 · References: 1
Snyk
added 2025/01/01 6:38 a.m. · 3 views

Improper Authorization

Overview: PyNinja is a lightweight OS-agnostic service monitoring API. Affected versions of this package are vulnerable to Improper Authorization due to the ability to access the '/monitor' page, which exposes sensitive information. Remediation: Upgrade PyNinja to version 1.1.0 or higher. References...

CVSS 5.4 · AI score 6.8
Exploits: 0 · References: 3