Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36 matches found

EUVD
EUVDadded yesterday6 views

EUVD-2026-38093

Capgo before 12.128.2 contains a cross-tenant authorization bypass vulnerability in PostgREST endpoints that allows org-scoped read API keys to access other tenants' webhook secrets and delivery logs. Attackers can query the webhooks and webhookdeliveries endpoints to exfiltrate HMAC signing...

7.1CVSS5.9AI score
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/05 7:40 p.m.6 views

CVE-2026-43917

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.4AI score0.00225EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 6:17 p.m.10 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 4:40 p.m.6 views

CVE-2026-43917

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 4:40 p.m.10 views

CVE-2026-43917 Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.19.0 and earlier, the protectedProcedure middleware only verifies the user is authenticated - it does NOT enforce organization scoping. Each endpoint must individually verify the resource's org matches the session's...

5.3CVSS5.8AI score0.00225EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 4:11 p.m.6 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00256EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:27 a.m.9 views

CVE-2026-9791

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/28 3:12 a.m.9 views

CVE-2026-9791

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...

4.3CVSS5.7AI score0.00196EPSS
Exploits0References3
Packet Storm News
Packet Storm Newsadded 2026/05/28 12:0 a.m.14 views

An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations

Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model LLM agent systems report strong results on isolat...

5.8AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/14 12:0 a.m.9 views

PT-2026-41020

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References5
NVD
NVDadded 2026/05/08 5:16 a.m.8 views

CVE-2026-42279

solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/organization/time-entries/timeEntry API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a known foreign time-entr...

5.8CVSS0.00266EPSS
Exploits1References3
EUVD
EUVDadded 2026/04/07 3:30 p.m.1 views

EUVD-2026-19694

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS5.8AI score0.00191EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/07 3:30 p.m.2 views

EUVD-2026-19696

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

3CVSS5.8AI score0.00118EPSS
Exploits0References3
EUVD
EUVDadded 2026/04/07 3:30 p.m.4 views

EUVD-2026-19698

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

2.2CVSS5.8AI score0.00174EPSS
Exploits0References3
NVD
NVDadded 2026/04/07 3:17 p.m.5 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

6.8CVSS0.00191EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/07 2:12 p.m.1 views

CVE-2026-5383 runZero Explorer missing authorization check

An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:L 4.4 Medium. This issue was fixed in...

4.4CVSS5.8AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/07 2:12 p.m.17 views

CVE-2026-5382 runZero Platform MCP endpoint information leak

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS0.00174EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/07 2:11 p.m.16 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS0.00191EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:11 p.m.0 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS5.8AI score0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/07 2:11 p.m.4 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS5.8AI score0.00191EPSS
Exploits0References2
Rows per page
Query Builder