Lucene search
K

53 matches found

EUVD
EUVD
added 2026/06/24 12:30 a.m.9 views

EUVD-2026-38636

Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission...

4.4CVSS5.9AI score0.00101EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 10:16 a.m.12 views

CVE-2026-53911

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did not explicitly mark id as inaccessible, an authenticated attacker could submit a crafted edit...

6.3CVSS0.00207EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 8:35 p.m.9 views

GHSA-C3QP-2GGW-XJG7 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Impact Two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system: - Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public actions to create new roles and delete other users,...

9.9CVSS5.6AI score0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:58 p.m.9 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS6AI score0.00321EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/18 4:34 p.m.2 views

GHSA-F946-9QP6-VGCH shopper/framework: Authorization bypass in multiple Livewire admin components

Impact Multiple Livewire components in the admin panel allowed an authenticated low-privilege user to mutate data without the required permission: - Order detail Filament actions cancel, mark paid, mark complete, capture payment, archive, start processing were callable with readorders only and di...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40838

Name of the Vulnerable Software and Affected Versions Drupal Colorbox Inline versions 0.0.0 through 2.1.0 Description An issue in the Drupal Colorbox Inline module, which allows opening page content within a colorbox, occurs because the module does not sufficiently sanitize the data-colorbox-inli...

5.8AI score0.00177EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 4:8 p.m.31 views

CVE-2026-42349

CVE-2026-42349 - Clerk authorization bypass : Cler k JS ecosystem components (@clerk/shared, @clerk/nextjs, @clerk/backend, and related SDKs) can incorrectly return true for combined authorization checks in has()/auth.protect(), allowing a gated action to proceed when a user does not satisfy all ...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References1Affected Software17
Github Security Blog
Github Security Blog
added 2026/04/24 4:17 p.m.16 views

Kimai has Missing Object-Level Authorization in the Team API

Summary The Team API endpoints use IsGranted'editteam' instead of IsGranted'edit', 'team', causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with the editteam permission to modify any team, not just teams they are...

3.3CVSS5.5AI score0.00247EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/04/22 12:16 a.m.7 views

CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

8.8CVSS0.00325EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 11:41 p.m.5 views

CVE-2026-41133

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache role and permission in the session at login and continues to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

8.8CVSS5.7AI score0.00325EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/08 7:13 a.m.11 views

CVE-2026-2075

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

8.8CVSS6.1AI score0.00309EPSS
Exploits1References1
OSV
OSV
added 2026/02/07 6:16 a.m.5 views

CVE-2026-2075

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

8.8CVSS5.4AI score0.00309EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/07 5:2 a.m.9 views

EUVD-2026-5748

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

6.5CVSS5.1AI score0.00309EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/02/07 5:2 a.m.4 views

CVE-2026-2075 yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

6.5CVSS5.2AI score0.00309EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/07 5:2 a.m.30 views

CVE-2026-2075 yeqifu warehouse Role-Permission Binding RoleController.java saveRolePermission access control

A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role-Permission Binding Handler. The...

6.5CVSS0.00309EPSS
Exploits1References6
CVE
CVE
added 2026/02/07 5:2 a.m.17 views

CVE-2026-2075

The CVE-2026-2075 entry concerns yeqifu warehouse. Affected component is the Role-Permission Binding Handler, specifically saveRolePermission in dataset/repos/warehouse/src/main/java/com/yeqifu/sys/controller/RoleController.java. The flaw is improper access controls, enabling remote exploitation....

8.8CVSS6.2AI score0.00309EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.8 views

warehouse 访问控制错误漏洞

Warehouse is a small-scale warehouse logistics management system developed by Yeqifu, based on Spring Boot. There is an access control vulnerability in Warehouse, which stems from improper access control in the role permission binding processing program...

8.8CVSS6.6AI score0.00309EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/02/07 12:0 a.m.12 views

PT-2026-6876

Name of the Vulnerable Software and Affected Versions yeqifu warehouse versions prior to aaf29962ba407d22d991781de28796ee7b4670e4 Description A security flaw exists due to improper access controls. The issue is located in the saveRolePermission function within the file...

6.5CVSS5.4AI score0.00309EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-16067

Malware in sbrugna...

8.8CVSS8.8AI score0.0065EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44157

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.0053EPSS
Exploits0References3
Rows per page
Query Builder