Lucene search
K

43 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week48 views

CVE-2026-28378

The public dashboard deletion endpoint does not enforce organization isolation, allowing an Org Admin in one organization to delete public dashboards belonging to a different organization by supplying the target dashboard's identifiers...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2026/06/25 6:44 p.m.10 views

CVE-2026-47102

A flaw was found in LiteLLM. A user with access to the /user/update endpoint can exploit a privilege escalation vulnerability. By modifying their own userrole to proxyadmin, an attacker can gain full administrative access to LiteLLM, including control over all users, teams, keys, models, and prom...

8.8CVSS6AI score0.00653EPSS
Exploits2References10
EUVD
EUVD
added 2026/05/28 6:8 p.m.14 views

EUVD-2026-31908

OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/28 6:8 p.m.26 views

OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. Impact Full platform access, access to sensitive or proprietary information...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/05/26 6:16 p.m.14 views

PYSEC-0000-CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 5:3 p.m.9 views

CVE-2026-44730 OpenCTI: Privilege escalation via graphQL API abusable by organization admins, due to incorrect ACL on userEdit relationAdd

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 8:34 p.m.10 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References8
NVD
NVD
added 2026/05/13 9:16 p.m.14 views

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

8.6CVSS0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.7 views

CVE-2026-42300

DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw string value as the authenticated userID when no Kratos session cookie is present. An unauthenticated...

9.3CVSS5.8AI score0.00257EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.13 views

CVE-2019-12794

An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...

6.6CVSS6.9AI score0.00926EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-4377

Malware in sbrugna...

6.6CVSS6.6AI score0.00926EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2960

Malicious code in bioql PyPI...

2.7CVSS5.2AI score0.00496EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2733

Malicious code in bioql PyPI...

7.2CVSS7AI score0.01074EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-4822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user...

7.2CVSS7AI score0.01074EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/04 12:0 a.m.6 views

Grafana Labs 10.4.x < 10.4.19, 11.2.x < 11.2.10, 11.3.x < 11.3.7, 11.4 < 11.4.5, 11.5 < 11.5.5, 11.6 < 11.6.2, 12.0.x < 12.0.1 Improper Access Control (CVE-2025-3580)

The version of Grafana Labs installed on the remote host is affected by an improper access control vulnerability as referenced in the CVE-2025-3580 advisory. - An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server...

5.5CVSS7AI score0.00378EPSS
Exploits0References2
OSV
OSV
added 2025/05/28 11:44 a.m.6 views

BIT-GRAFANA-2025-3580

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator...

5.5CVSS6.6AI score0.00378EPSS
Exploits0References2
OSV
OSV
added 2024/12/20 8:15 p.m.3 views

CVE-2024-56335 Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's...

7.6CVSS6.8AI score0.00333EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2024/11/22 3:49 a.m.3 views

SUSE CVE-2024-52009

Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials tokens ghs... when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on...

9.8CVSS7AI score0.00698EPSS
Exploits1References3
Veracode
Veracode
added 2024/11/12 9:37 a.m.5 views

Unauthorized Invite Deletion

github.com/grafana/grafana is vulnerable to unauthorized invite deletion. The vulnerability is due to insufficient access control validation in the system, where organization admins are not properly restricted to actions only within the organization they belong to. It allows admins to delete...

2.7CVSS6.5AI score0.00496EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder