Lucene search
K

12 matches found

EUVD
EUVD
added 2026/07/02 7:49 p.m.11 views

EUVD-2026-33278

Mautic has an Authorization Bypass in API v2 Endpoints...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 8:8 p.m.47 views

CVE-2026-53814

OpenClaw before 2026.5.20 contains a privilege-escalation vulnerability in which a hook-triggered agent runs with owner-scoped MCP loopback authority instead of the hook-appropriate scope. Attackers with a valid hook token can use the /hooks/agent endpoint to cause spawned CLI runtimes to access ...

8.7CVSS5.5AI score0.00281EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48744

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.20 Description A privilege escalation issue exists where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of the appropriate hook scope. This allows attackers possessin...

8.7CVSS5.5AI score0.00281EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS5.5AI score0.00201EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 1:18 p.m.7 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the enforcement of owner-scope permissions such as viewown or editown. An attacker can gain unauthorized access or modify resources belonging to other users by exploiting improper permission checks in the API...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 1:18 p.m.7 views

Incorrect Authorization

Overview mautic/plugin-focus is a Focus Plugin Affected versions of this package are vulnerable to Incorrect Authorization in the enforcement of owner-scope permissions such as viewown or editown. An attacker can gain unauthorized access or modify resources belonging to other users by exploiting...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 10:30 a.m.36 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:30 a.m.9 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 10:30 a.m.20 views

CVE-2026-9808

CVE-2026-9808 affects Mautic 7 API v2 endpoints (API Platform). Under certain conditions, roles with owner-scope restrictions (viewown/editown) are not properly enforced, allowing low-privilege authenticated API users to bypass ownership-logic and access or modify resources belonging to others. C...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 10:30 a.m.2 views

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

7.1CVSS6AI score0.00201EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-44821

Name of the Vulnerable Software and Affected Versions Mautic versions 7.0.0 through 7.1.1 Description An authorization bypass exists in the API v2 endpoints utilizing API Platform. Roles configured with owner-scope restrictions, such as viewown or editown, are not properly enforced. This allows...

7.1CVSS5.8AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41020

Name of the Vulnerable Software and Affected Versions Crabbox versions prior to 0.12.0 Description An authentication bypass allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References9
Rows per page
Query Builder