Lucene search
+L

13 matches found

snyk
snyk
added 2026/06/16 5:34 p.m.8 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/06/07 12:43 a.m.15 views

CVE-2026-7047

The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funpajaxmodifynotes function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.3AI score0.00132EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40214

In OpenStack Cyborg before 16.0.1, the Accelerator Request ARQ API does not enforce project ownership at any layer. The projectid column in the database is never populated NULL for every ARQ, database queries have no project filtering, and policy checks are self-referential the authorizewsgi...

6.3CVSS5.5AI score0.00206EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/04 1:5 p.m.12 views

CVE-2026-10855

An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already existed but did not verify that the importing user belonged to the organization that owned the...

5.1CVSS5.8AI score0.00154EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.11 views

OpenStack Cyborg 安全漏洞

OpenStack Cyborg is an open-source acceleration resource management and scheduling service component of OpenStack. Versions of OpenStack Cyborg prior to 16.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the accelerator request API did not enforce project...

6.3CVSS5.8AI score0.00206EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/04/29 8:48 p.m.6 views

CVE-2026-41910

OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist modifications against different channels, violating the intended trust model...

4.3CVSS5.2AI score0.00237EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/23 12:0 a.m.8 views

PT-2026-27197

Name of the Vulnerable Software and Affected Versions New API versions prior to 0.11.4-alpha.2 Description The software features an Insecure Direct Object Reference IDOR in the video proxy endpoint. Any authenticated user can access video content belonging to other users by exploiting a missing...

6.5CVSS5.8AI score0.00274EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2025/12/17 12:0 a.m.7 views

PT-2025-51890

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 contain an insecure direct object reference issue. Users with upload permissions can modify the rotation metadata of any video. The ''/video/id'' endpoint verifies upload...

8.1CVSS6.6AI score0.00248EPSS
Exploits0References7
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-9596

Malware in sbrugna...

6.5CVSS6.6AI score0.00875EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-13476

Malware in sbrugna...

4CVSS3.8AI score0.0059EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/05/22 12:59 p.m.13 views

CVE-2018-20938

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls SEC-324...

4CVSS7AI score0.0059EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 7:1 a.m.7 views

CVE-2017-18480

cPanel before 62.0.4 does not enforce account ownership for hasmycnfforcpuser WHM API calls SEC-210...

6.5CVSS7AI score0.00875EPSS
Exploits0References1
nvd
nvd
added 2019/08/01 5:15 p.m.24 views

CVE-2018-20938

cPanel before 68.0.27 does not enforce ownership during addpkgext and delpkgext WHM API calls SEC-324...

4CVSS3.9AI score0.0059EPSS
Exploits0References1
Rows per page
Query Builder