Lucene search
K

4521 matches found

RedhatCVE
RedhatCVE
added 2026/03/05 1:40 p.m.6 views

CVE-2026-3103

A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...

5.4CVSS5.9AI score0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.7 views

Checkmk 安全漏洞

Checkmk is an IT monitoring platform developed by Checkmk Corporation. Checkmk has a security vulnerability, which stems from a logical error in the removepassword function. This vulnerability could potentially lead to data loss for users with low privileges...

5.4CVSS5.8AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/27 9:30 a.m.10 views

EUVD-2025-208131

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

5CVSS5.9AI score0.00348EPSS
Exploits0References8
OSV
OSV
added 2026/02/27 8:17 a.m.3 views

UBUNTU-CVE-2025-9572

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/27 7:28 a.m.32 views

CVE-2025-9572 Foreman: satellite: graphql api permission bypass leads to information disclosure

n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...

5CVSS0.00348EPSS
Exploits0References7
OSV
OSV
added 2026/02/27 2:17 a.m.5 views

GO-2026-4560 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/26 7:57 p.m.6 views

CVE-2026-27151

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/26 7:53 p.m.4 views

GHSA-2V6M-6XW3-6467 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

7.1CVSS5.6AI score0.00241EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/26 7:53 p.m.6 views

Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...

6.5CVSS5.5AI score0.00241EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/26 8:54 a.m.5 views

BIT-SUPERSET-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

6.5CVSS5.7AI score0.004EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.5 views

CVE-2026-25131

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users such as Receptionist to add and modify procedure...

8.8CVSS5.4AI score0.00325EPSS
Exploits1References1
OSV
OSV
added 2026/02/26 2:54 a.m.6 views

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

5.3CVSS5.7AI score0.00241EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/26 2:54 a.m.3 views

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

5.3CVSS5.5AI score0.00241EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 2:54 a.m.25 views

CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...

5.3CVSS0.00241EPSS
Exploits0References1
CVE
CVE
added 2026/02/25 1:55 a.m.17 views

CVE-2026-25131

OpenEMR prior to 8.0.0 contains a Broken Access Control issue in the orders types management system. The vulnerability lets low-privilege users (e.g., Receptionist) add or modify procedure types without proper authorization via /openemr/interface/orders/types_edit.php. Version 8.0.0 includes a pa...

8.8CVSS5.4AI score0.00325EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 1:50 a.m.4 views

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

6.5CVSS5.5AI score0.00264EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 1:50 a.m.6 views

EUVD-2026-8583

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

6.5CVSS5.5AI score0.00264EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 1:50 a.m.21 views

CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...

6.5CVSS0.00264EPSS
Exploits1References2
CVE
CVE
added 2026/02/25 12:31 a.m.12 views

CVE-2025-67491

OpenEMR vulnerability CVE-2025-67491 affects versions 5.0.0.5–7.0.3.4, with a stored cross-site scripting flaw in the ub04 billing helper. The issue arises when $data is placed in a single-quoted click event handler without proper sanitization, allowing a malicious user to inject JS payloads desp...

8.5CVSS5.2AI score0.00246EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...

8.8CVSS5.8AI score0.00325EPSS
Exploits1References2
Rows per page
Query Builder