Lucene search
K

2380 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-53640

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-53913 Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

0.00291EPSS
Exploits0References1
Snyk
Snyk
added 5 days ago2 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...

7.5CVSS6AI score0.00159EPSS
Exploits0References2
NVD
NVD
added 5 days ago4 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
NVD
NVD
added 5 days ago4 views

CVE-2026-24690

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

7.5CVSS0.00159EPSS
Exploits0References4
NVD
NVD
added 5 days ago4 views

CVE-2026-20909

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

5.3CVSS0.00159EPSS
Exploits0References4
CVE
CVE
added 5 days ago77 views

CVE-2026-27771

CVE-2026-27771 affects Gitea container registry prior to 1.26.2. The root cause is ReqContainerAccess not enforcing per-owner visibility, allowing ghost users (UserID: -1) to access private container images via standard OCI/Docker endpoints. Impact: unauthenticated access can expose private/inter...

8.2CVSS7.2AI score0.40738EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS7.3AI score0.40738EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-27771 Gitea Composer package source links use insufficient permission checks

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-27660 Gitea draft releases use insufficient permission checks

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

0.00166EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-24690

Gitea before version 1.25.5 contains insufficient permission checks when updating or rebasing pull request branches, enabling an access control bypass. The issue affects the pull service logic (e.g., related to PR update/rebase paths) and has been addressed by upgrading to Gitea 1.25.5 or later. ...

7.5CVSS6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41620

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

6AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-24690 Gitea pull-request branch updates use insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

0.00159EPSS
Exploits0References4
CVE
CVE
added 5 days ago8 views

CVE-2026-20909

Gitea (go-gitea/gitea) versions before 1.25.5 are affected by an access control issue in the tracked-time list endpoint, allowing potential disclosure of time-tracking data due to insufficient permission checks. The vulnerability is mitigated by upgrading to version 1.25.5 or higher (as per the l...

5.3CVSS6AI score0.00159EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41615

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

6AI score0.00159EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-20909 Gitea tracked-time list endpoint has insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

0.00159EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41214

Craft CMS: Authorship spoofing in entries/save-entry via pre-check/post-mutation authorization gap...

7.6CVSS5.8AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added last week9 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permissioncallback performin...

4.3CVSS5.9AI score0.00257EPSS
Exploits0References8
Rows per page
Query Builder