Lucene search
K

15 matches found

CVE
CVE
added 2026/06/24 1:20 p.m.10 views

CVE-2026-57307

CVE-2026-57307 describes a vulnerability in the Jenkins Zowe zDevOps Plugin (1.1.3.50.ve350c9b_450b_1 and earlier) where a missing permission check allows users with Overall/Read to initiate connections to attacker-specified URLs using attacker-specified credentials IDs. This can lead to credenti...

4.2CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/23 2:48 p.m.3 views

BIT-MONGODB-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.8AI score0.00384EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS5.6AI score0.00321EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 7:16 p.m.17 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44944

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...

9.9CVSS6AI score0.00321EPSS
Exploits0References10
CVE
CVE
added 2026/02/24 12:54 p.m.35 views

CVE-2026-23980

Apache Superset CVE-2026-23980 describes an SQL injection issue (improper neutralization of special elements) that can be exploited by an authenticated user with read access via sqlExpression or where parameters. Affected software: Superset versions before 6.0.0. Impact as per CVSS: MEDIUM (5.3),...

6.5CVSS5.7AI score0.00503EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2026/02/24 12:54 p.m.20 views

CVE-2026-23980 Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

5.3CVSS0.00503EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/11/12 2:3 p.m.6 views

CVE-2025-11862

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

8.4CVSS6.7AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/11 1:43 p.m.15 views

CVE-2025-11862 Verve Asset Manager Access Control Vulnerability

A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API...

8.4CVSS0.00311EPSS
Exploits0References1
Prion
Prion
added 2022/03/03 10:15 p.m.19 views

Design/Logic Flaw

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this...

4CVSS4.4AI score0.00544EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/03/03 9:50 p.m.32 views

CVE-2022-23709

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this...

4.3CVSS6.5AI score0.00544EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/03/03 9:50 p.m.42 views

CVE-2022-23709

A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this...

4.7AI score0.00544EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/10/23 12:0 a.m.9 views

PT-2019-11868 · Jenkins · Jenkins Global Post Script Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Global Post Script Plugin affected versions not specified Description: The issue is related to a missing permission check in the Jenkins Global Post Script Plugin. This allows users with Overall/Read access to list the scripts availab...

4.3CVSS4.1AI score0.00677EPSS
Exploits0References7
CNVD
CNVD
added 2019/08/23 12:0 a.m.3 views

CloudBees Jenkins VMware Lab Manager Slaves Plugin Authorization Issue Vulnerability (CNVD-2019-30405)

CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks.VMware Lab Manager Slaves Plugin is used in which a plugin for controlling virtual...

6.5CVSS6.9AI score0.01536EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/04/04 12:0 a.m.4 views

PT-2019-11389 · Jenkins · Jenkins Openid Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins openid Plugin affected versions not specified Description: A missing permission check in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers with Overall/Read permission to initiate a connection...

6.5CVSS6.2AI score0.01549EPSS
Exploits0References8
Rows per page
Query Builder