Lucene search
K

45 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

4.9CVSS5.4AI score0.00322EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 9:3 p.m.31 views

CVE-2026-44850 Portainer: Bind-mount restriction bypass via HostConfig.Mounts

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

8.5CVSS0.00206EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/28 9:3 p.m.13 views

EUVD-2026-33062

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer offers an environment-level Disable bind mounts for...

8.5CVSS5.8AI score0.00206EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server from 2026.1.6.0 to 2026.1.16.0, as well as versions prior to 2025.3.20.0, have security...

5.4CVSS5.8AI score0.00142EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.15 views

Open WebUI 信息泄露漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.9 contained a vulnerability related to information leakage. This vulnerability occurred when non-administrator users logged in, causing the application to send...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/14 7:16 a.m.15 views

WPS Office improper access restriction to its named pipe

Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...

7.8CVSS7.3AI score0.00333EPSS
Exploits2References4
OSV
OSV
added 2026/04/16 4:44 p.m.4 views

SUSE-SU-2026:1419-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: - CVE-2025-9615: non-admin users are allowed to use certificates from other users bsc1257359...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/26 9:30 a.m.7 views

EUVD-2026-16126

The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...

8.5CVSS7.4AI score0.00145EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/11 7:30 a.m.7 views

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions...

5.7CVSS5.5AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:35 p.m.10 views

CVE-2023-49978

Incorrect access control in Customer Support System v1 allows non-administrator users to access administrative pages and execute actions reserved for administrators...

8.8CVSS7.1AI score0.00835EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/05 9:41 p.m.30 views

CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS0.00305EPSS
Exploits1References1
NVD
NVD
added 2025/12/03 5:15 p.m.4 views

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

8CVSS0.00488EPSS
Exploits0References1
OSV
OSV
added 2025/12/03 5:15 p.m.5 views

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

6.5CVSS5.8AI score0.00488EPSS
Exploits0References1
CVE
CVE
added 2025/12/03 5:0 p.m.38 views

CVE-2025-20387

CVE-2025-20387 affects Splunk Universal Forwarder for Windows. The issue, observed in versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, arises when installing or upgrading to an affected build, causing incorrect permissions in the Forwarder installation directory. This misconfiguration allows non-...

8CVSS6.4AI score0.00488EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/03 5:0 p.m.15 views

CVE-2025-20386 Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade

In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine...

8CVSS0.00488EPSS
Exploits0References1
CVE
CVE
added 2025/12/03 5:0 p.m.37 views

CVE-2025-20386

CVE-2025-20386 affects Splunk Enterprise for Windows prior to versions 10.0.2, 9.4.6, 9.3.8, and 9.2.10. The issue occurs during a new installation or upgrade, where permissions are incorrectly assigned in the Splunk Enterprise for Windows Installation directory, allowing non-administrator users ...

8CVSS6.4AI score0.00488EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48958

Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.0.2 Splunk Enterprise for Windows versions prior to 9.4.6 Splunk Enterprise for Windows versions prior to 9.3.8 Splunk Enterprise for Windows versions prior to 9.2.10 Description A flaw exists...

8CVSS6.4AI score0.00488EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.4 views

PT-2025-48959

Name of the Vulnerable Software and Affected Versions Splunk Universal Forwarder for Windows versions prior to 10.0.2 Splunk Universal Forwarder for Windows versions prior to 9.4.6 Splunk Universal Forwarder for Windows versions prior to 9.3.8 Splunk Universal Forwarder for Windows versions prior...

8CVSS6.5AI score0.00488EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/03 12:0 a.m.5 views

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10, which stems from improperly assigned permissions during installation or upgrade,...

8CVSS7.8AI score0.00488EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.2 (SVD-2025-1205)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1205 advisory. - In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an...

8CVSS7.3AI score0.00488EPSS
Exploits0References2
Rows per page
Query Builder