Lucene search
K

1201 matches found

NVD
NVD
added 2026/06/08 5:16 p.m.17 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:51 p.m.7 views

CVE-2026-46481

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 4:51 p.m.8 views

CVE-2026-46481 OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 4:51 p.m.41 views

CVE-2026-46481

OpenMetadata 1.12.1 is affected by a vulnerability in the TEST_CONNECTION workflow (POST /api/v1/automations/workflows) where a non-admin SSO user can trigger a TEST_CONNECTION and receive both the cleartext database password in the response and a valid ingestion-bot JWT in openMetadataServerConn...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 4:51 p.m.12 views

EUVD-2026-35136

OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TESTCONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST /api/v1/automations/workflows, both the cleartext database password in...

8.3CVSS5.4AI score0.00241EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/08 3:41 p.m.11 views

CVE-2026-48507 Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:41 p.m.27 views

CVE-2026-48507

Snipe-IT (IT asset/license management system) has a vulnerability affecting versions before 8.6.0. A non-admin user with only the granular users.edit permission can lock out admins by editing the activated flag (login eligibility) and the ldap_import flag (password reset requests). The issue is f...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.7 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.42 views

CVE-2026-48507 Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.11 views

PT-2026-47618

Name of the Vulnerable Software and Affected Versions FUXA versions prior to 1.3.2 Description An authorization issue in the Scheduler API allows authenticated non-admin users to create or modify scheduled actions that are restricted to administrators. The API fails to correctly enforce...

6.3CVSS5.6AI score0.00048EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.13 views

Snipe-IT 安全漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT prior to 8.6.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for non-administrator users to have the "users.edit" permission, allowing them to...

7.1CVSS5.4AI score0.00194EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.6 views

OpenMetadata 安全漏洞

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage repository, deep lineage, and seamless team collaboration. Prior to OpenMetadata 1.12.4, there were security vulnerabilities. These vulnerabilities stemmed from a workflow...

8.3CVSS5.3AI score0.00241EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/08 12:0 a.m.13 views

Security update for NetworkManager (moderate)

openSUSE security update: security update for networkmanager ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20911-1 Rating: moderate References: bsc1257359 bsc1257366 Cross-References: CVE-2025-9615 CVSS scores: CVE-2025-9615 SUSE : 5.5...

5.5CVSS5.4AI score0.00162EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47559

Summary An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to administrators. Details The Scheduler API did not correctly enforce administrator permissions when processing scheduler modifications. As a...

6.3CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47386

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.0 Description An issue in this IT asset and license management system allows a non-admin user with the users.edit permission to lock all administrators out of the instance. This is achieved by modifying the...

7.1CVSS5.5AI score0.00194EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39957

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

4.3CVSS5.6AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41660

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

7.1CVSS5.4AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-39454

SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...

8.5CVSS7.4AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-0237

An improper protection of alternate path vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to an internal automation bridge. This allows a locally authenticated non-admin user to leverage an exposed communication channel to send unauthorized commands t...

7.3CVSS5.5AI score0.00149EPSS
Exploits0References1
Rows per page
Query Builder