Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/10 7:17 p.m.5 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 8:24 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the host transfer API due to missing authorization checks on the source team. An attacker can gain unauthorized control over hosts belonging to other teams by initiating a transfer, resulting in the ability to...

8.8CVSS6AI score0.00315EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/26 7:40 p.m.6 views

EUVD-2026-8828

Fleet: Authorization Bypass in certificate template batch deletion for team administrators...

5.1CVSS5.2AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

Fleet 安全漏洞

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. Versions of Fleet prior to 4.80.1 contained security...

6.5CVSS7.3AI score0.00191EPSS
Exploits0References1
Rows per page
Query Builder