CVE-2026-30269

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/username. The role field is accepted by the update model without a manageusers permission check for self-updates, enabling privileg...

doorman 安全漏洞

Doorman is a configuration manager developed by Marcin Wielgoszewski. Versions 0.1.0 and 1.0.2 of Doorman contain security vulnerabilities. These vulnerabilities stem from improper access control, allowing any authenticated user to update their own account role to a non-administrator privilege ro...

SUSE CVE-2026-29196

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

EUVD-2026-10161

Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys...

CVE-2026-29196

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

CVE-2026-29196 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

CVE-2026-29196 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

CVE-2026-29196 Netmaker: Service User with Network Access Can Access config files with WireGuard Private Keys

Netmaker makes networks with WireGuard. Prior to version 1.5.0, a user assigned the platform-user role can retrieve WireGuard private keys of all wireguard configs in a network by calling GET /api/extclients/network or GET /api/nodes/network. While the Netmaker UI restricts visibility, the API...

CVE-2026-29196

CVE-2026-29196 affects Netmaker prior to 1.5.0, where a user with the platform-user role could obtain WireGuard private keys for all configs in a network via API calls to GET /api/extclients/{network} or GET /api/nodes/{network}. The UI restricts visibility, but these API endpoints return full re...

PT-2026-23871

Name of the Vulnerable Software and Affected Versions Netmaker versions prior to 1.5.0 Description Netmaker, a networking tool utilizing WireGuard, contains an issue where a user with the platform-user role can access WireGuard private keys for all configurations within a network. This occurs...

CVE-2024-45605

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user delete the user issue alert notifications for arbitrary users given a know alert ID. A patch was issued to ensure authorization checks are properly scoped on requests to delete user alert...

CVE-2022-41930 org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users

org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user logged in or not with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attack...

Session fixation

XS Command-Line Interface CLI user sessions with the SAP HANA Extended Application Services XS, version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...

CVE-2018-2451

XS Command-Line Interface CLI user sessions with the SAP HANA Extended Application Services XS, version 1, advanced server may have an unintentional prolonged period of validity. Consequently, a platform user could access controller resources via active CLI session even after corresponding...