Lucene search
K

2379 matches found

NVD
NVD
added yesterday6 views

CVE-2026-53640

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00031EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00053EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS6AI score0.00053EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-53913 Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

0.00291EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
NVD
NVD
added 4 days ago4 views

CVE-2026-24690

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

7.5CVSS0.00159EPSS
Exploits0References4
NVD
NVD
added 4 days ago4 views

CVE-2026-20909

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

5.3CVSS0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-27771 Gitea Composer package source links use insufficient permission checks

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-27660 Gitea draft releases use insufficient permission checks

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

0.00166EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS7.3AI score0.40738EPSS
Exploits1References5
CVE
CVE
added 4 days ago77 views

CVE-2026-27771

CVE-2026-27771 affects Gitea container registry prior to 1.26.2. The root cause is ReqContainerAccess not enforcing per-owner visibility, allowing ghost users (UserID: -1) to access private container images via standard OCI/Docker endpoints. Impact: unauthenticated access can expose private/inter...

8.2CVSS7.2AI score0.40738EPSS
Exploits1References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41620

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

6AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-24690 Gitea pull-request branch updates use insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

0.00159EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-24690

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

7.5CVSS6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41615

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

6AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-20909 Gitea tracked-time list endpoint has insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

0.00159EPSS
Exploits0References4
CVE
CVE
added 4 days ago8 views

CVE-2026-20909

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

5.3CVSS6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/30 3:56 p.m.6 views

EUVD-2026-40356

RuoYi-Vue-Plus through 5.6.2, fixed in commit 88d03d9, exposes workflow task management endpoints under /workflow/task FlwTaskController without any permission check: the controller declares no class-level or method-level authorization annotation, so the endpoints are gated only by global...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3
Rows per page
Query Builder