Lucene search
K

13 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-12686

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51591

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A query-construction flaw in client list endpoints allows authenticated clients to bypass tenant scoping and retrieve data from other clients. The issue occurs in the getSearchQuery functions of...

7.1CVSS5.8AI score0.00282EPSS
Exploits0References8
NVD
NVD
added 2026/06/12 4:17 a.m.15 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS0.00409EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-39910

STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 8:47 p.m.18 views

CVE-2026-43948

Summary (CVE-2026-43948 / GHSA-mhc8-p3jx-84mm): In wger, password reset and gym-permissions edits allow a user with gym.manage_gym and gym=None to reset another gym=None user’s password and receive the plaintext password in the HTML response. Root cause: Django ORM object comparison (request.user...

9.9CVSS5.9AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.3 views

CVE-2026-32252

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS5.8AI score0.00285EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/10 7:17 p.m.19 views

CVE-2026-32252 Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:teamid/template/generate/:projectid. The GET handler calls checkAccessreq,...

7.7CVSS0.00285EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.3 views

PT-2026-24189

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.21 Description A low-privileged user can bypass authorization and tenant isolation in OneUptime by sending a forged is-multi-tenant-query header along with a controlled projectid header. The server incorrectly...

9.9CVSS5.8AI score0.00494EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.5 views

CVE-2026-30857

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone duplicate another tenant’s knowledge base into their own tena...

5.3CVSS5.7AI score0.00222EPSS
Exploits1References1
NVD
NVD
added 2026/03/07 5:15 p.m.7 views

CVE-2026-30857

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone duplicate another tenant’s knowledge base into their own tena...

5.3CVSS0.00222EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.8 views

WeKnora 访问控制错误漏洞

WeKnora is an open-source framework based on LLM developed by Tencent. It features deep document understanding using the RAG paradigm, semantic retrieval, and context-aware answers. Prior to version 0.3.2 of WeKnora, there was an access control vulnerability. This vulnerability stemmed from an...

8.8CVSS7.4AI score0.00328EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.6 views

PT-2026-23800

Name of the Vulnerable Software and Affected Versions WeKnora versions prior to 0.3.0 Description WeKnora is a framework for deep document understanding and semantic retrieval. A cross-tenant authorization bypass exists in the knowledge base copy endpoint. An authenticated user can clone another...

9.9CVSS5.8AI score0.22162EPSS
Exploits70References137
OSV
OSV
added 2012/01/13 6:55 p.m.1 views

DEBIAN-CVE-2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...

4.9CVSS6.8AI score0.01758EPSS
Exploits0References1
Rows per page
Query Builder