CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

Tenable Nessus•added 2026/03/30 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-21724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify...

5.4CVSS5.8AI score0.00019EPSS

Exploits0References2

SUSE CVE•added 2026/03/28 6:26 p.m.•1 views

SUSE CVE-2026-21724

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00019EPSS

Exploits0References6

NVD•added 2026/03/26 9:17 p.m.•1 views

CVE-2026-21724

5.4CVSS0.00019EPSS

Exploits0References1

UbuntuCve•added 2026/03/26 9:17 p.m.•1 views

CVE-2026-21724

5.4CVSS5.7AI score0.00019EPSS

Exploits0References2

CVE•added 2026/03/26 8:6 p.m.•32 views

CVE-2026-21724

Grafana OSS vulnerability CVE-2026-21724: a flaw in the Provisioning Contact Points API allows users with Editor role to bypass authorization and modify protected webhook URLs without the alert.notifications.protected:write permission. Impact is limited to unauthorized changes to protected webhoo...

5.4CVSS5.7AI score0.00019EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/03/26 3:2 p.m.•2 views

CVE-2026-32130

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a System for Cross-domain Identity Management SCIM API to provision users from external providers into Zitadel. Request to the API with URL-encoded path values were correctly routed bu...

7.5CVSS5.8AI score0.00255EPSS

Exploits0References1

Positive Technologies•added 2026/03/26 12:0 a.m.•2 views

PT-2026-28321

Name of the Vulnerable Software and Affected Versions Grafana OSS affected versions not specified Description An authorization bypass exists in the provisioning contact points API. This allows users with the Editor role to modify protected webhook URLs without the necessary...

9.8CVSS5.9AI score0.00398EPSS

Exploits4References58

Grafana•added 2026/03/25 12:0 a.m.•5 views

Missing Protected-field Authorization in Provisioning Contact Points API

5.4CVSS5.7AI score0.00019EPSS

Exploits0

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-2361

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00083EPSS

Exploits0References4

NVD•added 2024/11/14 4:15 p.m.•18 views

CVE-2024-52505

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The provisioning API of the matrix-appservice-irc bridge up to version 3.0.2 contains a vulnerability which can lead to arbitrary IRC command execution as the bridge IRC bot. The vulnerability has been patched in...

5.4CVSS0.0038EPSS

Exploits0References2

Cvelist•added 2024/11/14 3:29 p.m.•19 views

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

5.4CVSS0.0038EPSS

Exploits0References2

OSV•added 2024/11/14 3:29 p.m.•7 views

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

5.4CVSS7.2AI score0.0038EPSS

Exploits0References4

CVE•added 2024/11/14 3:29 p.m.•80 views

CVE-2024-52505

CVE-2024-52505 affects the matrix-appservice-irc Node.js IRC bridge. The provisioning API in versions up to 3.0.2 allowed arbitrary IRC command execution by the bridge bot, as described in multiple sources. A fix exists in version 3.0.3, which patches the vulnerability. No exploitation details ar...

5.4CVSS5.7AI score0.0038EPSS

Exploits0References2

Vulnrichment•added 2024/11/14 3:29 p.m.•15 views

CVE-2024-52505 matrix-appservice-irc allows IRC Command injection in provisioning API

5.4CVSS7.2AI score0.0038EPSS

Exploits0References2

Positive Technologies•added 2024/11/14 12:0 a.m.•2 views

PT-2024-35345 · Unknown · Matrix-Appservice-Irc

Name of the Vulnerable Software and Affected Versions: matrix-appservice-irc versions 3.0.2 and earlier Description: The provisioning API of the matrix-appservice-irc bridge contains a vulnerability that can lead to arbitrary IRC command execution as the bridge IRC bot. This issue is related to...

5.4CVSS8AI score0.0038EPSS

Exploits0References7

OSV•added 2023/08/04 5:26 p.m.•14 views

GHSA-VC7J-H8XG-FV5X matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs

Impact A malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. Details The library does not check that the servername part of the sub parameter containing the user's claimed MXID is the same as the...

5CVSS5.5AI score0.00083EPSS

Exploits0References4

Prion•added 2023/08/04 5:15 p.m.•12 views

Code injection

matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library...

4CVSS6.4AI score0.00083EPSS

Exploits0References2Affected Software1

Cvelist•added 2023/08/04 4:34 p.m.•14 views

CVE-2023-38691 matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs

5CVSS6.6AI score0.00083EPSS

Exploits0References2

Vulnrichment•added 2023/08/04 4:34 p.m.•11 views

CVE-2023-38691 matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs

5CVSS6.7AI score0.00083EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by