Lucene search
K

14 matches found

NVD
NVD
added 2026/05/29 12:16 p.m.10 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 10:30 a.m.11 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.15 views

CVE-2026-44998

OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restricted tools to the effective tool set after policy filtering, bypassing profile policies, allow/de...

5.4CVSS5.8AI score0.00706EPSS
Exploits0References4
NVD
NVD
added 2023/10/30 6:15 p.m.24 views

CVE-2023-21389

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/30 5:1 p.m.22 views

CVE-2023-21389

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.5AI score0.001EPSS
Exploits0References1
CVE
CVE
added 2023/10/30 5:1 p.m.84 views

CVE-2023-21389

CVE-2023-21389 concerns a bypass of profile owner restrictions in Android Settings due to a missing permission check, enabling local elevation of privilege without extra execution privileges and without user interaction. Multiple connected sources describe this as an Android elevation-of-privileg...

7.8CVSS7.8AI score0.001EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/30 5:1 p.m.22 views

CVE-2023-21389

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.4AI score0.001EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.4 views

PT-2023-18164 · Settings · Settings

Name of the Vulnerable Software and Affected Versions: Settings affected versions not specified Description: The issue is related to a missing permission check in Settings, allowing for a bypass of profile owner restrictions. This could lead to local escalation of privilege without requiring...

7.8CVSS7.5AI score0.001EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/12/16 12:0 a.m.4 views

PT-2022-14757 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue is related to a missing permission check in the onOptionsItemSelected method of ManageApplications.java, which could allow for a bypass of profile owner restrictions. This might lead to a loc...

4.4CVSS4.9AI score0.0011EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.24 views

CVE-2022-20544

In onOptionsItemSelected of ManageApplications.java, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product...

5.3AI score0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/06/06 5:15 p.m.7 views

CVE-2022-1783

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their...

4CVSS6.4AI score0.00947EPSS
Exploits0References4Affected Software1
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.7 views

No restrictions on owner setting params

Handle goatbug Vulnerability details Impact function setMinLicenseFeeuint256 newMinLicenseFee public override onlyOwner minLicenseFee = newMinLicenseFee; function setAuctionDecrementuint256 newAuctionDecrement public override onlyOwner auctionDecrement = newAuctionDecrement; Proof of Concept Both...

6.9AI score
Exploits0
OSV
OSV
added 2016/02/03 6:59 p.m.3 views

DEBIAN-CVE-2015-8748

Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...

5.3CVSS6.2AI score0.02219EPSS
Exploits0References1
Prion
Prion
added 2016/02/03 6:59 p.m.17 views

Buffer overflow

Radicale before 1.1 allows remote authenticated users to bypass ownerwrite and owneronly limitations via regex metacharacters in the user name, as demonstrated by "."...

5CVSS6.6AI score0.02219EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder