
11 matches found

NVD
added 2026/05/19 9:16 p.m. · 16 views

CVE-2026-34233

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, multiple admin controllers expose DataTable endpoints without authorization checks, allowing any authenticated user to access sensitive administrative data that should be restricted to administrators onl...

CVSS 6.5 · EPSS 0.0028
Exploits 0 · References 2

Vulnrichment
added 2026/05/11 4:08 p.m. · 6 views

CVE-2026-42349 Clerk: Authorization bypass when combining organization, billing, or reverification checks

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

CVSS 7.6 · AI score 5.8 · EPSS 0.00246
Exploits 0 · References 1

Cvelist
added 2026/05/11 4:08 p.m. · 38 views

CVE-2026-42349 Clerk: Authorization bypass when combining organization, billing, or reverification checks

Clerk JavaScript is the official JavaScript repository for Clerk authentication. has, auth.protect, and related authorization predicates in @clerk/shared, @clerk/nextjs, @clerk/backend, and other framework SDKs can return true for certain combined authorization checks when the result should be...

CVSS 7.6 · EPSS 0.00246
Exploits 0 · References 1

EUVD
added 2026/04/21 11:41 p.m. · 5 views

EUVD-2026-24574

pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache the user's role and permissions in the session at login and continue to authorize requests using these cached values, even after an admin changes the user's role/permissions in the database...

CVSS 8.8 · AI score 5.7 · EPSS 0.00325
Exploits 1 · References 2

EUVD
added 2026/03/12 2:07 p.m. · 7 views

EUVD-2026-11406

Winter vulnerable to privilege escalation by authenticated backend users...

CVSS 9.9 · AI score 5.8 · EPSS 0.00486
Exploits 0 · References 5

Cvelist
added 2026/03/11 9:25 p.m. · 30 views

CVE-2026-27591 Winter: Privilege escalation by authenticated backend users

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Prior to 1.0.477, 1.1.12, and 1.2.12, Winter CMS allowed authenticated backend users to escalate their account's level of access to the system by modifying the roles / permissions assigned to their...

CVSS 9.9 · EPSS 0.00486
Exploits 0 · References 4

RedhatCVE
added 2025/08/14 2:24 a.m. · 25 views

CVE-2025-42936

The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles. This allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...

CVSS 5.4 · AI score 7 · EPSS 0.0017
Exploits 0 · References 1

Veracode
added 2024/07/03 8:23 a.m. · 15 views

Improper Access Control

aimeos/ai-admin-graphql is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions or checks on user roles and permissions, allowing an editor to modify and take over an admin account in the back end...

CVSS 7.1 · AI score 6.6 · EPSS 0.00439
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2024/06/06 12:00 a.m. · 5 views

PT-2024-34584 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.25
Description: The issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not...

CVSS 5.4 · AI score 5.6 · EPSS 0.00298
Exploits 1 · References 7

The Hacker News
added 2024/03/07 11:11 a.m. · 26 views

Human vs. Non-Human Identity in SaaS

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and permissions, monitoring of privileged users, their level of activity (dormant, active, hyperactive), thei...

AI score 6.8
Exploits 0

OSV
added 2022/06/14 10:15 a.m. · 3 views

CVE-2022-32251

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an...

CVSS 9.8 · AI score 5.7 · EPSS 0.01105
Exploits 0 · References 2