Lucene search
+L

244 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-59235

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS0.00413EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-11580

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...

5.5CVSS0.00189EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-60060

Summary Apollo Portal versions before 2.5.0 do not verify application and namespace permissions when an authenticated user requests a release by ID through GET /envs/env/releases/releaseId. When configView.memberOnly.envs is enabled for the requested environment, a low-privileged Portal user can...

6.5CVSS6.1AI score0.00415EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 10:16 p.m.5 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS0.00201EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:10 p.m.8 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58373

CVAT before 2.69.0 contains an improper authorization vulnerability in QualityReportViewSet.getqueryset that allows authenticated attackers to enumerate quality report identifiers belonging to other organizations by exploiting a missing checkobjectpermissions call on the parentid query parameter ...

5.3CVSS0.002EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.14 views

EUVD-2026-38780

Missing permission checks in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allow attackers with Overall/Read permission to enumerate the names of configured Contrast metadata...

5.9AI score0.00167EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.25 views

CVE-2026-57285

CVE-2026-57285: A missing permission check in Jenkins GitHub Branch Source Plugin (versions 1967.1969.v205fd594c821 and earlier) allows users with Overall/Read permission to obtain the URLs of GitHub Enterprise servers configured in the global plugin configuration. Affected component: Jenkins Git...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51690

Name of the Vulnerable Software and Affected Versions Devs Accounting – Simple Accounting and Invoicing Solution versions prior to 1.2.1 Description A missing capability check in the delete single account function allows unauthorized modification or deletion of data. The REST route...

5.3CVSS5.9AI score0.00227EPSS
Exploits0References9
Jenkins Security Advisories
Jenkins Security Advisories
added 2026/06/24 12:0 a.m.10 views

CSRF vulnerability and missing permission check in zdevops

zdevops 1.1.3.50.ve350c9b450b1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

4.2CVSS5.8AI score0.0014EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/06/17 7:21 a.m.14 views

CVE-2026-28587

CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...

10CVSS5.5AI score0.00115EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.24 views

PT-2026-50236

Name of the Vulnerable Software and Affected Versions Package Manager affected versions not specified Description A missing permission check in Package Manager allows for a device lock controller bypass. This issue enables local escalation of privilege without requiring additional execution...

10CVSS5.5AI score0.00218EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/16 9:32 p.m.15 views

EUVD-2026-37216

In smmuattachdev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5AI score0.00067EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 2:16 p.m.2 views

CVE-2026-53438

A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue items they do not have permission to view...

4.3CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48423

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 2.568 Jenkins LTS versions prior to 2.555.3 Description A missing permission check allows attackers who possess the Item/Cancel permission, but lack the Item/Read permission, to cancel queue items that they are not...

4.3CVSS5.2AI score0.00213EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 12:31 a.m.20 views

EUVD-2026-33801

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.36 views

CVE-2025-26418

In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User...

0.00068EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:38 p.m.20 views

EUVD-2026-33728

In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.9AI score0.00122EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/14 8:15 p.m.12 views

Open WebUI: Missing permission check in files API allows authenticated users to list, access and delete every uploaded file

Summary A missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. Details All files/ related endpoints lack permission checks. Listing all files For example, let's see how file listing ...

8.1CVSS5.8AI score0.00273EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder