Lucene search
+L

47 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.12 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.11 views

Mattermost doesn't check the create_post channel permission during post edit operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2026/05/18 8:9 a.m.53 views

CVE-2026-3117 Instance and webhook GitLab plugin commands were able to be run by non-admin users

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or setup webhook connections via the gitlab instance option or the /gitlab webhook option commands...

6.5CVSS0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:27 a.m.6 views

CVE-2026-1934

The Motors – Car Dealership & Classified Listings plugin for WordPress is vulnerable to Payment Bypass via insecure user meta update in all versions up to, and including, 1.4.103 This is due to the stmsaveuserextrafields function updating sensitive user meta fields from POST data without verifyin...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/06 8:11 p.m.9 views

Incorrect Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Incorrect Authorization in the userHasPermission process. An attacker can gain unauthorized access to sensitive administrative data by sending requests ...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:4 a.m.14 views

File Browser share links remain accessible after Share/Download permissions are revoked

When an admin revokes a user's Share and Download permissions, existing share links created by that user remain fully accessible to unauthenticated users. The public share download handler does not re-check the share owner's current permissions. Verified with a running PoC against v2.62.2 commit...

8.2CVSS5.9AI score0.00332EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/20 6:18 p.m.6 views

CVE-2026-23721

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/19 5:52 p.m.6 views

CVE-2026-23721 OpenProject users with "View Members" permission in any project can view all Group memberships

OpenProject is an open-source, web-based project management software. When using groups in OpenProject to manage users, the group members should only be visible to users that have the View Members permission in any project that the group is also a member of. Prior to versions 17.0.1 and 16.6.5, d...

4.3CVSS5.4AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.10 views

CVE-2022-33913

In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check...

7.5CVSS6.9AI score0.01019EPSS
Exploits1References1
OSV
OSV
added 2025/12/11 9:15 p.m.4 views

CVE-2025-13663

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

5.4CVSS5.8AI score0.00084EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/11/09 12:24 a.m.7 views

SUSE CVE-2025-58075

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.9AI score0.00314EPSS
Exploits0References2
CVE
CVE
added 2025/10/16 8:44 a.m.29 views

CVE-2025-58073

Mattermost Server (versions 10.11.x up to 10.11.1, 10.10.x up to 10.10.2, 10.5.x up to 10.5.10) is affected by CVE-2025-58073 due to insufficient verification of a user’s permission to join a team when using the original invite token. The underlying issue is the lack of proper authorization check...

8.1CVSS6.5AI score0.00388EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/16 8:20 a.m.1 views

CVE-2025-58075 Arbitrary Mattermost Team can be joined by manipulating the SAML RelayState

Mattermost versions 10.11.x = 10.11.1, 10.10.x = 10.10.2, 10.5.x = 10.5.10 fail to verify a user has permission to join a Mattermost team using the original invite token which allows any attacked to join any team on a Mattermost server regardless of restrictions via manipulating the RelayState...

8.1CVSS6.5AI score0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-1960

Malware in sbrugna...

3.3CVSS4.5AI score0.0015EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-1613

Malware in sbrugna...

5CVSS6.2AI score0.00982EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-1426

Malware in sbrugna...

4.3CVSS4.7AI score0.0164EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4825

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00615EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-25565

Malicious code in bioql PyPI...

3.3CVSS4.7AI score0.00089EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6362

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00581EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-33188

Malicious code in bioql PyPI...

6.5CVSS5.1AI score0.00548EPSS
Exploits0References1
Rows per page
Query Builder