Lucene search
+L

95 matches found

NVD
NVD
added 2026/02/25 3:16 a.m.10 views

CVE-2026-27608

Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...

9.3CVSS0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

Cisco UCS Manager Software 安全漏洞

Cisco UCS Manager Software is a device management software developed by the American company Cisco. There is a security vulnerability in Cisco UCS Manager Software. This vulnerability stems from the unnecessary permissions assigned at the NX-OS CLI permission level, which may allow attackers with...

4.4CVSS5.8AI score0.00095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21836

Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains an issue where the AI Agent API endpoint POST /apps/:appId lacks proper authorization...

9.3CVSS5.9AI score0.0022EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.47 views

PT-2026-21948

Name of the Vulnerable Software and Affected Versions Cisco UCS Manager Software affected versions not specified Description A flaw exists in the NX-OS CLI privilege levels of Cisco UCS Manager Software that could allow an authenticated, local attacker with read-only privileges to modify files an...

4.4CVSS5.2AI score0.00095EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.21 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.14.0 contained security vulnerabilities. These vulnerabilities stemmed fro...

6.5CVSS5.8AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.7 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.8 views

OpenMetadata 安全漏洞

OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage library, deep lineage, and seamless team collaboration. There were security vulnerabilities in versions of OpenMetadata prior to 1.11.8. These vulnerabilities stemmed from...

7.6CVSS7.1AI score0.00331EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Fortinet FortiAuthenticator 安全漏洞

Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...

7.2CVSS5.8AI score0.00336EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/07 9:58 p.m.5 views

CVE-2026-25565

WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...

7.1CVSS5.3AI score0.00277EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.13 views

PT-2026-6928

Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to...

7.1CVSS5.4AI score0.00277EPSS
Exploits0References6
OSV
OSV
added 2026/01/30 8:40 a.m.3 views

BIT-GITEA-2026-20888 Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)

Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...

4.3CVSS5.9AI score0.00303EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 12:39 p.m.4 views

CVE-2023-43183

Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...

8.8CVSS7AI score0.01178EPSS
Exploits3References1
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.4 views

Moxa NPort 6100-G2 Series和Moxa NPort 6200-G2 Series 安全漏洞

The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that originates from an authenticated user with read-only...

7.7CVSS6.3AI score0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.6 views

PT-2025-51471

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API...

6.3CVSS6.9AI score0.00186EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/05 5:44 p.m.28 views

CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin

Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...

3.5CVSS0.00239EPSS
Exploits0References4
NVD
NVD
added 2025/11/21 6:15 p.m.8 views

CVE-2025-64483

Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...

5.3CVSS0.00228EPSS
Exploits0References2
OSV
OSV
added 2025/11/18 7:15 p.m.6 views

CVE-2025-37155

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...

7.8CVSS5.8AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2025/11/18 7:15 p.m.7 views

CVE-2025-37155

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...

7.8CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/18 6:40 p.m.14 views

CVE-2025-37155 Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...

7.8CVSS0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/05 12:0 a.m.18 views

PT-2025-47791

Name of the Vulnerable Software and Affected Versions Wazuh versions 4.9.0 through 4.12.9 Description Wazuh, a security detection, visibility, and compliance open source project, has an issue where the API – Agent Configuration, in specific setups, permits authenticated users with read-only API...

6.5CVSS5.4AI score0.00228EPSS
Exploits0References9
Rows per page
Query Builder