Lucene search
K

52 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42249

Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...

8.1CVSS6AI score0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:18 p.m.5 views

CVE-2026-52800

Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be add...

8.8CVSS5.9AI score0.00248EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/21 1:26 p.m.8 views

EUVD-2026-38166

Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...

7.6CVSS6AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 7:16 p.m.12 views

CVE-2026-22872

Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...

9.1CVSS0.0043EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:22 p.m.6 views

CVE-2026-40258

The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...

9.1CVSS5.9AI score0.00401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.10 views

PT-2026-28446

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description OpenClaw before version 2026.3.12 has an insufficient access control issue in the /config and /debug command handlers. Command-authorized non-owners can access owner-only surfaces, allowing them...

8.8CVSS5.9AI score0.00251EPSS
Exploits0References7
Snyk
Snyk
added 2026/02/11 8:56 p.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the command execution functionality. An attacker can execute a malicious binary through the application, which will run with the privileges of the service owner. Remediation There is no fixed version for...

9.8CVSS5.9AI score0.00553EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/01/08 12:40 a.m.6 views

postgresql: CREATE STATISTICS does not check for schema CREATE privilege

A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...

3.1CVSS5.7AI score0.00201EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/11/10 12:0 a.m.3 views

Google Looker 安全漏洞

Google Looker is an intelligent business platform from Google, Inc USA. A security vulnerability exists in Google Looker that originates from a user being able to inject malicious SQL statements, which could lead to the execution of a SQL injection attack with report owner privileges...

7.6CVSS7.7AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-11878

Malware in sbrugna...

9CVSS9.2AI score0.02524EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-5453

Malware in sbrugna...

7.5CVSS7.6AI score0.01024EPSS
Exploits0References3
OSV
OSV
added 2025/09/08 9:17 p.m.11 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS6.8AI score0.00392EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/08 9:17 p.m.22 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

8.6CVSS0.00392EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.4 views

CVE-2023-1084

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request...

2.7CVSS6.8AI score0.00806EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/02/21 10:48 p.m.17 views

Leantime allows Cross-Site Request Forgery (CSRF)

CSRF Summary A cross-site request forgery vulnerability allows a remote actor to create an account with Owner privileges. By luring an Owner or Administrator into clicking a button on an attacker-controlled website, a request will be issued, generating an account with the attacker's information a...

7.1AI score
Exploits0References2Affected Software1
CISA KEV Catalog
CISA KEV Catalog
added 2024/03/26 12:0 a.m.48 views

Microsoft SharePoint Server Code Injection Vulnerability

Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...

7.2CVSS7.3AI score0.85395EPSS
In wildExploits7
OSV
OSV
added 2024/03/12 8:24 a.m.16 views

BIT-GITLAB-2024-1299 Privilege Chaining in GitLab

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of managegroupaccesstokens to rotate group access tokens with owner privileges...

8.1CVSS6.9AI score0.0054EPSS
Exploits1References4
Veracode
Veracode
added 2024/03/10 9:14 a.m.29 views

Improper Authorization

GitLab is vulnerable to Improper Authorization. The vulnerability is due to a privilege escalation flaw in GitLab. Users with a custom role of managegroupaccesstokens could rotate group access tokens with owner privileges, allowing them to escalate their privileges within the system...

8.1CVSS6.9AI score0.0054EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2024/03/07 1:15 a.m.27 views

CVE-2024-1299

A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of managegroupaccesstokens to rotate group access tokens with owner privileges...

8.1CVSS6.9AI score0.0054EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.4 views

PT-2024-17852 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 16.8 prior to 16.8.4 GitLab versions 16.9 prior to 16.9.2 Description: A privilege escalation issue was discovered in GitLab. It was possible for a user with a custom role of manage group access tokens to rotate group access...

8.1CVSS7AI score0.0054EPSS
Exploits1References12
Rows per page
Query Builder