Lucene search
K

34 matches found

NVD
NVD
added 2026/06/17 11:17 p.m.9 views

CVE-2026-53676

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege TENANTADMIN...

8.6CVSS0.00603EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 10:53 p.m.24 views

CVE-2026-53676

ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege TENANTADMIN...

8.6CVSS0.00603EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 10:53 p.m.18 views

CVE-2026-53676

Technical details for CVE-2026-53676 are not publicly provided in the supplied documents. Monitor for updates from official advisories.

8.6CVSS7.8AI score0.00603EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS5.4AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS6AI score0.00313EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 5:16 a.m.14 views

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS0.00313EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:1 a.m.11 views

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:1 a.m.29 views

CVE-2026-32999

CVE-2026-32999 affects Comet Backup server; the issue is insufficient character filtering in the backup agent signing module. This vulnerability allows an authenticated tenant administrator to execute arbitrary code on behalf of a privileged user on the affected server and connected devices. The ...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:1 a.m.34 views

CVE-2026-32999

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS0.00313EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:42 a.m.6 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS5.8AI score0.00297EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 5:42 a.m.15 views

EUVD-2026-26893

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS5.8AI score0.00297EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 5:42 a.m.6 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS5.8AI score0.00297EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 5:42 a.m.27 views

CVE-2026-29200

Summary: CVE-2026-29200 is a critical IDOR in Comet Backup affecting versions 20.11.0 through 26.1.1 and 26.2.1. A tenant administrator can impersonate any end-user account of other tenants on the same server via a vulnerable API call. The CVSS score is 9.9 (CRITICAL) with network attack vector, ...

9.9CVSS5.8AI score0.00297EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.14 views

PT-2026-36771

Name of the Vulnerable Software and Affected Versions Comet Backup versions 20.11.0 through 26.1.1 Comet Backup version 26.2.1 Description An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists that allows a tenan...

9.9CVSS5.8AI score0.00297EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 2:31 p.m.13 views

@saltcorn/data: Tenant user role is used for tenant creation role check

Summary When a tenant admin is logged out of the root domain e.g., saltcorn.com but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context admin, and a new tenant is created on the root domain in...

5.8AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.6 views

CVE-2021-28052

A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...

7.5CVSS6.6AI score0.00663EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-14759

Malware in sbrugna...

7.5CVSS6AI score0.00663EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-11793

Malware in sbrugna...

4.9CVSS5AI score0.01472EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-51041

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00986EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:27 a.m.6 views

CVE-2024-22272

VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...

4.9CVSS6.7AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder