Lucene search
K

2391 matches found

CVE
CVE
added yesterday3 views

CVE-2026-47422

CVE-2026-47422 affects the Frappe framework. An endpoint in reportview allowed unrestricted access to save_report due to missing permission checks prior to versions 15.107.5 and 16.18.2. The issue is fixed in those versions (15.107.5 and 16.18.2). The provided references include a GitHub advisory...

5.3CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-59796

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...

8.1CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday4 views

CVE-2026-59796

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...

8.1CVSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-42914

In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks...

8.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-59796

CVE-2026-59796 affects JetBrains TeamCity prior to 2026.1.2. The issue arises from improper permission checks that could allow pipeline modification. Documented impact is pipeline modification with high impact on confidentiality and integrity (per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). N...

8.1CVSS6.1AI score
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-53640

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-53643

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS6AI score0.00226EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-53913 Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

0.00619EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56036

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can perform unauthorized actions through admin API endpoints. This issue stems from the can always access module flag, which grants all staff access to specific...

8.7CVSS6AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56033

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can read sensitive data through admin API endpoints that lack proper permission checks. Although write endpoints enforce fine-grained permissions, the corresponding...

2.3CVSS6AI score0.00226EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks in the process for updating or rebasing pull request branches. An attacker can gain unauthorized access or modify protected branches by exploiting this weakness. Remediation...

7.5CVSS6AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
NVD
NVD
added 2026/07/03 9:16 p.m.5 views

CVE-2026-24690

Gitea versions before 1.25.5 have insufficient permission checks for updating or rebasing pull request branches...

7.5CVSS0.00322EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-20909

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries...

5.3CVSS0.00286EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.35 views

CVE-2026-27660 Gitea draft releases use insufficient permission checks

Gitea versions before 1.25.5 allow draft release data or attachments to be accessed without the required write permission...

0.00345EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-27771

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS7.3AI score0.40738EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-27771 Gitea Composer package source links use insufficient permission checks

Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information...

8.2CVSS0.40738EPSS
Exploits1References4
CVE
CVE
added 2026/07/03 8:19 p.m.81 views

CVE-2026-27771

CVE-2026-27771 affects Gitea container registry prior to 1.26.2. The root cause is ReqContainerAccess not enforcing per-owner visibility, allowing ghost users (UserID: -1) to access private container images via standard OCI/Docker endpoints. Impact: unauthenticated access can expose private/inter...

8.2CVSS7.2AI score0.40738EPSS
Exploits1References4
CVE
CVE
added 2026/07/03 8:19 p.m.10 views

CVE-2026-24690

Gitea before version 1.25.5 contains insufficient permission checks when updating or rebasing pull request branches, enabling an access control bypass. The issue affects the pull service logic (e.g., related to PR update/rebase paths) and has been addressed by upgrading to Gitea 1.25.5 or later. ...

7.5CVSS6AI score0.00322EPSS
Exploits0References4
Rows per page
Query Builder