95 matches found
CVE-2026-27608
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint POST /apps/:appId/agent does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by...
Cisco UCS Manager Software 安全漏洞
Cisco UCS Manager Software is a device management software developed by the American company Cisco. There is a security vulnerability in Cisco UCS Manager Software. This vulnerability stems from the unnecessary permissions assigned at the NX-OS CLI permission level, which may allow attackers with...
PT-2026-21836
Name of the Vulnerable Software and Affected Versions Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 Description Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains an issue where the AI Agent API endpoint POST /apps/:appId lacks proper authorization...
PT-2026-21948
Name of the Vulnerable Software and Affected Versions Cisco UCS Manager Software affected versions not specified Description A flaw exists in the NX-OS CLI privilege levels of Cisco UCS Manager Software that could allow an authenticated, local attacker with read-only privileges to modify files an...
Devolutions Server 安全漏洞
Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.14.0 contained security vulnerabilities. These vulnerabilities stemmed fro...
CVE-2026-26010
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...
OpenMetadata 安全漏洞
OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage library, deep lineage, and seamless team collaboration. There were security vulnerabilities in versions of OpenMetadata prior to 1.11.8. These vulnerabilities stemmed from...
Fortinet FortiAuthenticator 安全漏洞
Fortinet FortiAuthenticator is a centralized user identity management solution provided by the American company Fortinet. Vulnerabilities exist in versions 6.6.0 to 6.6.6, 6.5 all versions, 6.4 all versions, and 6.3 all versions of FortiAuthenticator. These vulnerabilities stem from the lack of...
CVE-2026-25565
WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should require write access...
PT-2026-6928
Name of the Vulnerable Software and Affected Versions WeKan versions prior to 8.19 Description WeKan contains an authorization issue in certain card update API paths. These paths only validate read access to a board instead of requiring write permission. This allows users with read-only roles to...
BIT-GITEA-2026-20888 Gitea Pull Requests Auto-Merge: Read-Only Users Can Cancel Scheduled Auto-Merge via Web Endpoint (Authorization Bypass)
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users...
CVE-2023-43183
Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account...
Moxa NPort 6100-G2 Series和Moxa NPort 6200-G2 Series 安全漏洞
The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that originates from an authenticated user with read-only...
PT-2025-51471
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API...
CVE-2025-66545 Nextcloud Groupfolders users with read-only permissions for team folder can restore deleted files from trash bin
Nextcloud Groupfolders provides admin-configured folders shared by everyone in a group or team. Prior to 14.0.11, 15.3.12, 16.0.15, 17.0.14, 18.1.8, 19.1.8, and 20.1.2, a user with read-only permission can restore a file from the trash bin. This vulnerability is fixed in 14.0.11, 15.3.12, 16.0.15...
CVE-2025-64483
Wazuh is a security detection, visibility, and compliance open source project. From version 4.9.0 to before 4.13.0, the Wazuh API – Agent Configuration in certain configurations allows authenticated users with read-only API roles to retrieve agent enrollment credentials through the...
CVE-2025-37155
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...
CVE-2025-37155
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...
CVE-2025-37155 Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected...
PT-2025-47791
Name of the Vulnerable Software and Affected Versions Wazuh versions 4.9.0 through 4.12.9 Description Wazuh, a security detection, visibility, and compliance open source project, has an issue where the API – Agent Configuration, in specific setups, permits authenticated users with read-only API...