Lucene search
K

4 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.7 views

CVE-2026-57950

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS0.00294EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:20 p.m.6 views

CVE-2026-57950

ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control vulnerability in ErpSaleOrderController that allows attackers with erp:sale-out permissions to gain unauthorized access to sale order operations by exploiting an incorrect permission namespace enforcement...

8.6CVSS5.8AI score0.00294EPSS
Exploits0References4
Veracode
Veracode
added 2026/05/16 8:30 a.m.13 views

Authorization Bypass

Kyverno is vulnerable to Authorization Bypass. The vulnerability is due to a critical authorization boundary bypass in namespaced Kyverno Policy apiCall, where the resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited t...

9.9CVSS7.5AI score0.00516EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Nats-Server 安全漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used for native message delivery systems on Nats.io, cloud, and edge environments. There were security vulnerabilities in versions of Nats-Server before 2.11.15 and 2.12.6. These vulnerabilities stemmed from the lack of ACL...

7.1CVSS6.4AI score0.00259EPSS
Exploits0References3
Rows per page
Query Builder