Lucene search
K

6 matches found

NVD
NVD
added 2026/06/19 7:16 p.m.10 views

CVE-2026-49338

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, the Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view perform no per-resource authorization. Once authenticated as any user admin or not, an attacker can delete...

7.1CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:8 p.m.22 views

CVE-2026-49338

The CVE covers gonic, a Subsonic-compatible music server. Before 0.21.0, Subsonic API endpoints /rest/deletePlaylist.view and /rest/getPlaylist.view allowed any authenticated user to delete or read any other user’s private playlist due to missing per-resource authorization. The playlist ID is bas...

7.1CVSS5.9AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.4 views

PT-2026-29091

Nginx-UI and Affected Versions Nginx-UI versions 2.3.3 and prior Description Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a us...

9.9CVSS5.9AI score0.60368EPSS
Exploits18References49
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.15 views

Craft CMS 安全漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions prior to 4.17.8 and 5.9.14 of Craft CMS had security vulnerabilities. These vulnerabilities stemmed from lack of resource-based authorization verification, which could allow unauthorized access to private asset...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/09/13 9:50 a.m.27 views

Moderate: Red Hat Security Advisory: booth security update

An update for booth is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.5CVSS6.5AI score0.00924EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2015/08/12 5:4 a.m.5 views

foreman: API not scoping resources to taxonomies

A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access...

4CVSS5.8AI score0.01925EPSS
Exploits0References4
Rows per page
Query Builder