Lucene search
K

4 matches found

NVD
NVD
added 2026/05/13 10:16 p.m.16 views

CVE-2026-44426

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list user IDs, e-mails, roles, settings, and device counts — to any caller authenticated by an API Key, for any tenant, regardless of the API Key's own...

6.5CVSS0.00308EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.20 views

PT-2026-38405

Name of the Vulnerable Software and Affected Versions ShellHub versions prior to 0.24.2 Description An issue exists where the endpoint "/api/namespaces/:tenant" returns the complete namespace object to any caller authenticated via an API Key, regardless of the API Key's tenant scope. This object...

6.5CVSS5.8AI score0.00308EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/10/29 9:32 a.m.12 views

CVE-2025-41090

microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...

7.6CVSS6.8AI score0.00309EPSS
Exploits0References1
OSV
OSV
added 2020/07/08 2:15 p.m.3 views

CVE-2020-3973

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged...

8.8CVSS7.4AI score0.01119EPSS
Exploits0References1
Rows per page
Query Builder