Lucene search
K

86 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-56776

n8n before 1.123.55, 2.25.7, and 2.26.2 contains an authorization bypass in the POST /workflows/workflowId/test-runs/new endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a workflow can trigger a real...

7.4CVSS0.00161EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-56778

n8n before 2.25.7 and 2.26.x before 2.26.2 contains an authorization bypass in the Public API execution retry endpoint, which authorizes access using the workflow:read scope instead of workflow:execute. An authenticated user with read-only access to a shared workflow can use the Public API to ret...

6.4CVSS0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-60124 MISP importModule missing authorization allows read-only users to modify events via misp_standard imports

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 9:16 p.m.8 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS0.00291EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 12:37 p.m.4 views

BIT-DISCOURSE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users could create chat...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 p.m.17 views

CVE-2026-45085

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:25 p.m.33 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:25 p.m.10 views

EUVD-2026-36558

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-45544

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS5.3AI score0.00222EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 7:16 p.m.11 views

CVE-2026-45544

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS0.00222EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 5:3 p.m.9 views

CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 5:3 p.m.38 views

CVE-2026-45544 Nextcloud: Information Disclosure of view filter metdata via Broken Sensitive Data Masking in ViewService

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 5:3 p.m.19 views

EUVD-2026-33714

Nextcloud is an open source content collaboration platform. From version 0.8.0 to before version 1.0.4, the view filter criteria is exposed to users with read-only permissions in Nextcloud Tables. This issue has been patched in versions 1.0.4 and 2.0.0...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 5:3 p.m.26 views

CVE-2026-45544

CVE-2026-45544 affects Nextcloud Tables, part of the Nextcloud platform. From version 0.8.0 to before 1.0.4, the view filter criteria was exposed to users with read‑only permissions, enabling potential disclosure of metadata through the table view. The issue is mitigated by upgrading to Nextcloud...

4.3CVSS5.7AI score0.00222EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Nextcloud Tables 安全漏洞

NextCloud Tables is an open-source table application developed by NextCloud. There were security vulnerabilities in the version of NextCloud Tables from 0.8.0 to 1.0.4. These vulnerabilities stemmed from view filter conditions being exposed to users with read-only permissions...

4.3CVSS5.3AI score0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.26 views

PT-2026-45532

Name of the Vulnerable Software and Affected Versions Nextcloud Tables versions 0.8.0 through 1.0.3 Description In Nextcloud Tables, the view filter criteria is exposed to users who possess read-only permissions. Recommendations Update to version 1.0.4 or 2.0.0...

4.3CVSS5.4AI score0.00222EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/26 4:2 p.m.43 views

CVE-2026-44314 Traccar: Missing edit authorization on device image upload allows read-only users to write files

Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...

5.3CVSS0.00185EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

Oban Web 安全漏洞

Oban Web is an embedded real-time backend task monitoring dashboard developed under the Oban Framework open source project. Versions of Oban Web from 2.12.0 to 2.12.5 contained a security vulnerability. This vulnerability originated from the Elixir.Oban.Web.Jobs.DetailComponent module, where the...

5.3CVSS5.8AI score0.0041EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:36 p.m.7 views

CVE-2026-45386

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, Pin/Unpin is a write operation modifies the message's ispinned , pinnedby, pinnedat fields, but in standard channels it only checks read permission, allowing users with read-only...

4.3CVSS5.8AI score0.00204EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 7:26 p.m.41 views

CVE-2026-44564 Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS0.0022EPSS
Exploits1References1
Rows per page
Query Builder