Lucene search
+L

68 matches found

euvd
euvd
added 2026/06/24 7:14 a.m.12 views

EUVD-2026-38701

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

5.8AI score0.00404EPSS
Exploits0References8
euvd
euvd
added 2026/06/23 3:34 p.m.10 views

EUVD-2026-38463

NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the handleApprovalsResponse function that fails to verify responder role authorization. Attackers with a valid questionId can approve or reject privileged actions like package installation by submitting approval response...

7.1CVSS5.9AI score0.00213EPSS
Exploits0References3
osv
osv
added 2026/06/23 2:25 p.m.3 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS5.9AI score0.00408EPSS
Exploits0References5
veracode
veracode
added 2026/05/23 5:47 a.m.6 views

Improper Authorization

Open WebUI is vulnerable to improper authorization. The vulnerability is due to improper validation of authorized user roles in the API, which allows a pending user account to bypass intended access restrictions and gain unauthorized access to the web application...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References2Affected Software1
redhatcve
redhatcve
added 2026/05/20 7:57 p.m.9 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References1
nvd
nvd
added 2026/05/19 4:16 p.m.32 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

9.8CVSS0.00476EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/19 12:0 a.m.12 views

Pharmacy Management System 安全漏洞

The Pharmacy Management System MPMS is a multilingual pharmacy management system developed by Mayuri K. The Pharmacy Management System 5c3d028 version has a security vulnerability. This vulnerability stems from the /api/user/signup endpoint, which fails to validate the role parameter in the reque...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/19 12:0 a.m.6 views

CVE-2026-31070

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

5.8AI score0.00476EPSS
Exploits0References3
euvd
euvd
added 2026/05/19 12:0 a.m.12 views

EUVD-2026-30945

The LalanaChami Pharmacy Management System commit 5c3d028 allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body...

5.8AI score0.00476EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/15 8:59 p.m.8 views

CVE-2026-44567

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References2Affected Software1
euvd
euvd
added 2026/05/15 8:59 p.m.18 views

EUVD-2026-30643

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, the API does not properly validate that the user has an authorized user role of user. By default, when Open WebUI is configured with new sign-ups enabled, the default user role is...

7.3CVSS5.8AI score0.0023EPSS
Exploits1References1
nvd
nvd
added 2026/05/15 9:16 a.m.26 views

CVE-2026-6228

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field update mechanism combined with overly permissive capabilities for the adminform post type. The...

8.8CVSS0.00325EPSS
Exploits0References5
nvd
nvd
added 2026/05/14 7:16 a.m.38 views

CVE-2026-5193

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'registeruser' function, which only blocks the 'administrator' rol...

6.5CVSS0.00238EPSS
Exploits0References2
euvd
euvd
added 2026/05/14 6:44 a.m.10 views

EUVD-2026-30248

The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.5.13. This is due to insufficient role validation in the 'registeruser' function, which only blocks the 'administrator' rol...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/28 6:9 p.m.4 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS5.2AI score0.00222EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41382

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS5.2AI score0.00222EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/28 6:9 p.m.36 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS0.00222EPSS
Exploits0References3
cve
cve
added 2026/04/28 6:9 p.m.11 views

CVE-2026-41382

OpenClaw npm package contains an authorization bypass vulnerability in Discord voice ingress prior to version 2026.3.31. The issue stems from channel and member allowlist validation gaps, including stale-role validation and improper channel name validation, enabling access to restricted voice cha...

5.4CVSS5.3AI score0.00222EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

2.3CVSS6AI score0.00222EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/28 12:0 a.m.10 views

PT-2026-35767

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An authorization bypass exists in the Discord voice ingress. This issue allows attackers to circumvent channel and member allowlist restrictions by exploiting improper channel name validation an...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References6
Rows per page
Query Builder