Lucene search
K

12 matches found

NVD
NVD
added 2026/07/03 9:17 p.m.6 views

CVE-2026-28744

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...

8.1CVSS0.00343EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 10:31 p.m.3 views

GHSA-WCR3-9X4C-F5GJ Blnk has an API key authorization bypass in owner and scope enforcement

Blnk API key endpoints had an authorization issue that allowed non-master API keys to perform key-management actions outside their intended authorization boundary. In affected versions, API key operations trusted caller-controlled request values for owner and scope decisions. As a result, a...

5.7AI score
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39471

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

8.1CVSS5.8AI score0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/30 6:20 p.m.30 views

CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41375 OpenClaw < 2026.3.28 - Authorization Bypass in /phone arm and /phone disarm Endpoints

OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the /phone arm and /phone disarm endpoints that fails to properly enforce operator.admin scope checks for external channels. Attackers can bypass authentication restrictions to arm or disarm phone channels without proper...

7.1CVSS5.3AI score0.00331EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/10 7:39 p.m.8 views

Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export

Summary Ech0 scoped access tokens do not reliably enforce least privilege: multiple privileged admin routes omit scope checks, and the backup export handler strips token scope metadata entirely, allowing a low-scope admin access token to reach broader admin functionality than intended. Impact An...

5.9AI score
Exploits0References3Affected Software1
CVE
CVE
added 2026/01/27 9:7 a.m.319 views

CVE-2026-21721

CVE-2026-21721 — Grafana dashboard permissions scope bypass. The exposed issue arises because the dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. An authenticated user with permission-management rights on one dashboard can ...

8.1CVSS5.9AI score0.00647EPSS
Exploits1References10Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/17 7:43 p.m.12 views

CVE-2024-45606 Improper authorization on muting of alert rules in sentry

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

7.1CVSS7AI score0.00358EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/01 2:15 a.m.4 views

CVE-2022-36130

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2...

9.9CVSS5.8AI score0.00417EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/05/04 1:51 p.m.22 views

CVE-2022-25779 Insufficient scope checks allows adding unrelated audit log entries

Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7...

4.3CVSS4.9AI score0.00517EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/17 12:0 a.m.5 views

Octopus Deploy Security Restriction Bypass Vulnerability

Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in Octopus Deploy versions prior to 2018.4.7, which stems from the program's failure to check variable scopes for target and tenant labels against a list of tenan...

7.5CVSS6.8AI score0.01271EPSS
Exploits0References1
CNVD
CNVD
added 2015/02/26 12:0 a.m.3 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2015-01286)

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. Mozilla Firefox suffers from a buffer overflow vulnerability because it fails to scope check properly before copying user-supplied data into a sufficiently sized buffer, allowing an...

6.8CVSS7.7AI score0.06029EPSS
Exploits0References1
Rows per page
Query Builder