Lucene search
K

4521 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.29 views

PT-2026-42450

Name of the Vulnerable Software and Affected Versions CODESYS Visualization affected versions not specified Description Insufficient isolation of authentication data may cause the remote exposure of credentials between low privileged visualization users during concurrent login operations. This...

6.9CVSS5.8AI score0.00244EPSS
Exploits0References5
CVE
CVE
added 2026/05/19 9:39 a.m.32 views

CVE-2026-45187

CVE-2026-45187 describes an improper authorization flaw in the Apache OFBiz Webtools component. The issue affects OFBiz versions before 24.09.06 and is documented as a vulnerability in the scheduled job creation flow that allows low-privileged users to submit system jobs. The CVSS 3.1 base score ...

6.5CVSS5.8AI score0.00513EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41892

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Broken Access Control exists in the communication with the database. Due to a lack of permission checks, a low privileged user can execute arbitrary SQL queries within the...

8.8CVSS6.1AI score0.00598EPSS
Exploits2References8
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.16 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for low-privilege users to bypass security controls and disable the implicit flow of OIDC clients, potentially leading to the leakage o...

7.1CVSS5.8AI score0.00344EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41638

The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5.8AI score0.00184EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/13 12:48 a.m.11 views

EUVD-2026-29829

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS5.8AI score0.00161EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/12 4:33 p.m.10 views

EUVD-2026-29537

Zulip is an open-source team collaboration tool. Prior to 12.0, With messageedithistoryvisibilitypolicy set to "moves", /api/v1/messages/id/history still returns historical content values, allowing low-privilege users to recover text that was edited away from other users' messages. This...

6CVSS5.8AI score0.00247EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Subnet Solutions PowerSYSTEM Center 安全漏洞

Subnet Solutions PowerSYSTEM Center is a power solution offered by Subnet Solutions. There is a security vulnerability present in Subnet Solutions PowerSYSTEM Center. This vulnerability stems from insufficient permission restrictions on the REST API endpoints exported by device accounts. As a...

8.4CVSS5.8AI score0.00135EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 12:0 a.m.10 views

CVE-2025-67887

1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. NOTE: this is disputed by the Supplier because this is intended behavior for the high-privilege...

6AI score0.01549EPSS
Exploits4References6
CVE
CVE
added 2026/05/07 1:53 p.m.22 views

CVE-2026-41689

CVE-2026-41689 affects Wallos up to version 4.8.4. The webhook notification feature reuses an administrator-configured local-target allowlist for all logged-in users, allowing any normal user to fully control a webhook URL, headers, and body, then send server-side requests to allowlisted internal...

6CVSS5.9AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.4 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

5.8AI score0.00247EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:0 a.m.6 views

CVE-2026-30452

Textpattern CMS 4.9.0 contains a Broken Access Control vulnerability in the article management system that allows authenticated users with low privileges to modify articles owned by users with higher privileges. By manipulating the article ID parameter during the duplicate-and-save workflow in...

5.8AI score0.00247EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.11 views

Fudo Enterprise 安全漏洞

Fudo Enterprise is a security control platform for privileged access management and session auditing developed by the Polish company Fudo. Versions of Fudo Enterprise 5.6.2 and earlier contained security vulnerabilities. These vulnerabilities were due to inadequate protection of API endpoints,...

6.5CVSS5.8AI score0.00257EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

WordPress plugin Email Encoder 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

3.5CVSS5.9AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

SAP Human Capital Management 安全漏洞

SAP Human Capital Management is a corporate human resources management and employee lifecycle management system developed by the German company SAP. There is a security vulnerability in SAP Human Capital Management. This vulnerability stems from specific messages returned by the system during...

6.5CVSS5.8AI score0.00269EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/13 6:11 p.m.2 views

CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

7.1CVSS5.8AI score0.00304EPSS
Exploits1References2
NVD
NVD
added 2026/04/09 6:17 p.m.5 views

CVE-2026-40071

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

5.4CVSS0.00219EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/09 5:36 p.m.23 views

CVE-2026-40071 pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

5.4CVSS0.00219EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

Juniper Networks Junos OS MX 安全漏洞

Juniper Networks Junos OS MX is a network operating system specifically designed for hardware devices used by Juniper Networks. This operating system provides secure programming interfaces and the Junos SDK. There were security vulnerabilities in versions of Junos OS MX prior to 24.4R2-S3 and...

8.8CVSS5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

xyOps 安全漏洞

xyOps is a multi-server task scheduling and execution platform developed by Joseph Huckaby. Versions of xyOps prior to 0.9.111 contained security vulnerabilities. These vulnerabilities stemmed from the server’s lack of authorization checks when applying the updateevent key in JSON outputs, allowi...

5.4CVSS6AI score0.00178EPSS
Exploits1References1
Rows per page
Query Builder