
19 matches found

RedhatCVE
added 2026/05/11 8:25 p.m. | 10 views

CVE-2026-42160

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVSS 10 | AI score 5.7 | EPSS 0.00249
Exploits 0 | References 1

NVD
added 2026/05/08 8:16 p.m. | 27 views

CVE-2026-42160

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVSS 10 | EPSS 0.00249
Exploits 0 | References 2

CVE
added 2026/05/08 7:46 p.m. | 17 views

CVE-2026-42160

Data Space Portal (open-source SaaS) has a vulnerability in the backend authorization for self-registered PENDING organizations/users, affecting versions 2.1.1 up to before 7.3.2. The root cause is insufficient authorization checks, combined with client-side enforcement of server-side security, e...

CVSS 10 | AI score 5.7 | EPSS 0.00249
Exploits 0 | References 2

ATTACKERKB
added 2026/05/08 7:46 p.m. | 7 views

CVE-2026-42160

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVSS 10 | AI score 5.7 | EPSS 0.00249
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2026/05/08 7:46 p.m. | 9 views

CVE-2026-42160 Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVSS 10 | AI score 5.7 | EPSS 0.00249
Exploits 0 | References 2

Cvelist
added 2026/05/08 7:46 p.m. | 45 views

CVE-2026-42160 Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVSS 10 | EPSS 0.00249
Exploits 0 | References 2

EUVD
added 2026/05/08 7:46 p.m. | 18 views

EUVD-2026-28817

Data Space Portal is an open-source Software as a Service SaaS solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. Th...

CVSS 10 | AI score 5.7 | EPSS 0.00249
Exploits 0 | References 2

CNNVD
added 2026/05/08 12:0 a.m. | 10 views

dataspace-portal security vulnerability

Dataspace-portal is an open-source data space management portal developed by Sovity. Versions of Dataspace-portal from 2.1.1 to 7.3.2 had security vulnerabilities, which were caused by insufficient authorization for self-registered “PENDING” organization/user accounts...

CVSS 10 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 1

Positive Technologies
added 2026/05/08 12:0 a.m. | 20 views

PT-2026-39190

Name of the Vulnerable Software and Affected Versions Data Space Portal versions 2.1.1 through 7.3.1 Description Data Space Portal is an open-source Software as a Service SaaS solution for Dataspace management. The backend contains insufficient authorization regarding self-registered organization...

CVSS 10 | AI score 5.8 | EPSS 0.00249
Exploits 0 | References 6

Cvelist
added 2026/03/04 4:57 p.m. | 33 views

CVE-2026-29069 Craft has an unauthenticated activation email trigger with potential user enumeration

Craft is a content management system CMS. Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail endpoint is accessible to unauthenticated users and does not require a permission check for pending users. An attacker with no prior access can trigger activation emails for any pendin...

CVSS 6.9 | EPSS 0.00273
Exploits 0 | References 2

RedhatCVE
added 2025/10/11 11:20 a.m. | 4 views

CVE-2025-7374

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVSS 5.4 | AI score 6.2 | EPSS 0.00175
Exploits 0 | References 1

EUVD
added 2025/10/10 12:30 p.m. | 4 views

EUVD-2025-33709

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVSS 5.4 | AI score 5.7 | EPSS 0.00175
Exploits 0 | References 3

NVD
added 2025/10/10 12:15 p.m. | 6 views

CVE-2025-7374

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVSS 5.4 | EPSS 0.00175
Exploits 0 | References 2

Vulnrichment
added 2025/10/10 11:17 a.m. | 1 view

CVE-2025-7374 WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVSS 5.4 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 2

CVE
added 2025/10/10 11:17 a.m. | 17 views

CVE-2025-7374

CVE-2025-7374 affects the WordPress plugin WP JobHunt (versions up to and including 7.6). The vulnerability is an authorization bypass caused by insufficient login restrictions on inactive and pending accounts, allowing authenticated users with Candidate- or Employer-level access and above to log...

CVSS 5.4 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 2

Cvelist
added 2025/10/10 11:17 a.m. | 8 views

CVE-2025-7374 WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to authorization bypass in all versions up to, and including, 7.6. This is due to insufficient login restrictions on inactive and pending accounts. This makes it possible for authenticated attackers, with Candidate- a...

CVSS 5.4 | EPSS 0.00175
Exploits 0 | References 2

Positive Technologies
added 2025/10/10 12:0 a.m. | 4 views

PT-2025-41557

Name of the Vulnerable Software and Affected Versions WP JobHunt plugin for WordPress versions prior to 7.7 Description The WP JobHunt plugin for WordPress, used with the JobCareer theme, has a flaw that allows authorized users with Candidate- or Employer-level access, or higher, to log in even i...

CVSS 5.4 | AI score 6.6 | EPSS 0.00175
Exploits 0 | References 5

OSV
added 2022/04/19 9:15 p.m. | 3 views

CVE-2022-0992

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending...

CVSS 9.8 | AI score 7.3 | EPSS 0.02878
Exploits 3 | References 3

NVD
added 2022/04/19 9:15 p.m. | 40 views

CVE-2022-0992

The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows unauthenticated users to log in as administrative users due to missing identity verification on initial 2FA set-up that allows unauthenticated and unauthorized users to configure 2FA for pending...

CVSS 9.8 | EPSS 0.02878
Exploits 3 | References 3