4521 matches found
CVE-2026-3103
A logic error in the removepassword function in Checkmk GmbH's Checkmk versions 2.4.0p23, 2.3.0p43, and 2.2.0 EOL allows a low-privileged user to cause data loss...
Checkmk 安全漏洞
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Checkmk has a security vulnerability, which stems from a logical error in the removepassword function. This vulnerability could potentially lead to data loss for users with low privileges...
EUVD-2025-208131
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
UBUNTU-CVE-2025-9572
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
CVE-2025-9572 Foreman: satellite: graphql api permission bypass leads to information disclosure
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leading to an authorization bypass...
GO-2026-4560 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users in github.com/fleetdm/fleet...
CVE-2026-27151
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...
GHSA-2V6M-6XW3-6467 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Summary A vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources associated with the service account. Impact Fleet returns configuration da...
BIT-SUPERSET-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...
CVE-2026-25131
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users such as Receptionist to add and modify procedure...
CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...
CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...
CVE-2026-27465 Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users
Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s configuration API could expose Google Calendar service account credentials to authenticated users with low-privilege roles. This may allow unauthorized access to Google Calendar resources...
CVE-2026-25131
OpenEMR prior to 8.0.0 contains a Broken Access Control issue in the orders types management system. The vulnerability lets low-privilege users (e.g., Receptionist) add or modify procedure types without proper authorization via /openemr/interface/orders/types_edit.php. Version 8.0.0 includes a pa...
CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...
EUVD-2026-8583
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...
CVE-2026-25124 OpenEMR has Broken Access Control in Report/Clients/Message List CSV Export
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing...
CVE-2025-67491
OpenEMR vulnerability CVE-2025-67491 affects versions 5.0.0.5–7.0.3.4, with a stored cross-site scripting flaw in the ub04 billing helper. The issue arises when $data is placed in a single-quoted click event handler without proper sanitization, allowing a malicious user to inject JS payloads desp...
OpenEMR 安全漏洞
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained security...