Lucene search
K

447 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/06 7:10 p.m.3 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/06 7:10 p.m.15 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS0.00336EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 7:10 p.m.3 views

CVE-2026-35182 Missing Authorization Privilege Escalation

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 7:10 p.m.5 views

EUVD-2026-19458

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 7:10 p.m.12 views

CVE-2026-35182

Brave CMS (open-source) before version 2.0.6 contains a missing authorization check in the POST /rights/update-role/{id} endpoint (routes/web.php). The update-role action lacked the checkUserPermissions:assign-user-roles middleware, allowing any authenticated user to change account roles and prom...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.4 views

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

7.2CVSS6AI score0.0176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.5 views

CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS6AI score0.00638EPSS
Exploits1References1
Snyk
Snyk
added 2026/03/25 5:3 p.m.3 views

Command Injection

Overview modoboa is a Mail hosting made simple Affected versions of this package are vulnerable to Command Injection via the execcmd function. An attacker who has Reseller or SuperAdmin privileges can execute arbitrary operating system commands by supplying specially crafted input, such as domain...

8.6CVSS6.1AI score0.00566EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.3 views

SUSE CVE-2026-29195

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to...

6.9CVSS5.8AI score0.0023EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.4 views

Siemens APE1808 Improper Privilege Management (CVE-2025-22254)

An Improper Privilege Management vulnerability CWE-269 affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and befo...

7.2CVSS5.8AI score0.00712EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26654

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any...

8.1CVSS5.8AI score0.00295EPSS
Exploits1References6
NVD
NVD
added 2026/03/11 7:16 p.m.3 views

CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS0.00638EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:13 p.m.2 views

CVE-2026-31874

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/11 6:13 p.m.28 views

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS0.00638EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/11 6:13 p.m.2 views

EUVD-2026-11284

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/11 6:13 p.m.3 views

CVE-2026-31874 Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References2
CVE
CVE
added 2026/03/11 6:13 p.m.10 views

CVE-2026-31874

Technical details about this CVE are not publicly provided in the supplied documents; monitor for updates.

9.8CVSS5.9AI score0.00638EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-24782

Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign...

9.8CVSS5.9AI score0.00638EPSS
Exploits1References7
EUVD
EUVD
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10532

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests...

7.2CVSS5.9AI score0.0176EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.2 views

CVE-2026-25836

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP...

7.2CVSS0.0176EPSS
Exploits0References1
Rows per page
Query Builder