Lucene search
K

305 matches found

euvd
euvd
added 2026/05/29 7:47 p.m.15 views

EUVD-2026-33437

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS5.7AI score0.00155EPSS
Exploits0References1
nvd
nvd
added 2026/05/28 10:16 p.m.14 views

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS0.00328EPSS
Exploits1References1
cvelist
cvelist
added 2026/05/28 9:8 p.m.36 views

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS0.00328EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/28 9:8 p.m.18 views

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1
euvd
euvd
added 2026/05/28 9:8 p.m.10 views

EUVD-2026-33064

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1
cve
cve
added 2026/05/28 9:8 p.m.156 views

CVE-2026-44848

CVE-2026-44848 concerns Portainer Community Edition where missing authorization on the Docker plugin endpoints allowed a non-admin Portainer user with endpoint access to perform privileged Docker plugin operations directly against the Docker daemon. Affected releases include 2.33.0–2.33.7, 2.39.0...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1Affected Software1
nvd
nvd
added 2026/05/28 8:16 p.m.19 views

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS0.00452EPSS
Exploits0References4
euvd
euvd
added 2026/05/28 7:30 p.m.9 views

EUVD-2026-33007

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS5.9AI score0.00452EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/28 7:30 p.m.18 views

CVE-2026-33590

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS5.9AI score0.00452EPSS
Exploits0References4
cve
cve
added 2026/05/28 7:30 p.m.35 views

CVE-2026-33590

CVE-2026-33590 affects Portainer CE. Insecure default permissions grant regular (non-admin) users with endpoint access privileges to read host files and potentially obtain root-equivalent access on the host through privileged operations exposed by Portainer. The NVD entry and CVE records describe...

9.4CVSS5.9AI score0.00452EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/28 7:30 p.m.35 views

CVE-2026-33590 Insecure default permissions in Portainer CE

Insecure default settings of Portainer CE grant regular non-admin users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endpoint access can exploit these settings to read host files or obtain root equivalent access on the...

9.4CVSS0.00452EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/26 8:14 p.m.11 views

CVE-2026-40166

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

7.1CVSS5.7AI score0.0046EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/22 6:52 p.m.8 views

CVE-2026-40166 authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at least one OAuth2 access token can retrieve the clientsecret of confidential OAuth2 providers they have previously authenticated against, exposing...

7.1CVSS5.7AI score0.0046EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/22 3:29 p.m.15 views

CVE-2026-9251

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...

0.00142EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/22 3:29 p.m.7 views

CVE-2026-9251

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/05/22 12:0 a.m.17 views

PT-2026-42796

Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain access to an entry's data via a crafted status change request. This issue affects : Devolutions Serv...

5.8AI score0.00142EPSS
Exploits0References1
euvd
euvd
added 2026/05/20 5:28 a.m.10 views

EUVD-2026-31066

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/20 5:28 a.m.7 views

CVE-2026-44392

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software4
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.14 views

PT-2026-42108

Missing authorization vulnerability exists in Movable Type. Under certain conditions, when a user without administrator privileges signs in to the product, unintended update processing may be executed...

5.3CVSS5.8AI score0.00249EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/05/19 1:56 p.m.14 views

CVE-2026-44558

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...

5.4CVSS5.9AI score0.0019EPSS
Exploits1References1
Rows per page
Query Builder