Lucene search
K

428 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42241

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS5.9AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 6:0 a.m.16 views

CVE-2026-10835

The CVE-2026-10835 entry concerns the SALESmanago & Leadoo WordPress plugin, affected versions before 3.11.3. The vulnerability arises from improper sanitisation/escaping of a parameter in an AJAX action before it is used in a SQL statement, coupled with missing authorization enforcement for that...

7.7CVSS5.8AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44413

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...

8.2CVSS5.4AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 10:27 a.m.46 views

CVE-2026-3473 Improper file ownership validation in the Boards API allows unauthorised file access

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests using valid file IDs...

5.9CVSS0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:20 p.m.8 views

CVE-2026-44448 ERPNext: Unauthorised Document modification due to missing validation

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyond their permitted role. This vulnerability is fixed in 15.102.0 and 16.11.0...

5.9CVSS5.8AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.13 views

EUVD-2026-29176

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...

8.2CVSS5.8AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.21 views

CVE-2026-44413

In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access...

8.2CVSS0.00258EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/06 3:17 p.m.129 views

Exploit for Incorrect Authorization in Pydio Cells

CVE-2023-32749 | Pydio Cells Unauthorised Role Assignment Exp...

8.8CVSS7.2AI score0.14197EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.19 views

Dell PowerScale OneFS Unauthorised File Access Vulnerability (DSA-2025-208)

The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by a Unauthorised File Access Vulnerability: - Dell PowerScale OneFS, versions 9.5.0.0 = 9.5.1.2 / 9.7.0.0 = 9.7.1.7 / 9.8.0.0 = 9.10.0.1, contain a missing authorization vulnerability in the NF...

9.8CVSS7.3AI score0.00452EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:15 p.m.8 views

CVE-2018-1000640

OpenCart-Overclocked version =1.11.1 contains a Cross Site Scripting XSS vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions and access to data, stealing session information, denial of service. This attack appear to be...

6.1CVSS6AI score0.00864EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:17 a.m.11 views

CVE-2019-18238

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account...

7.5CVSS6.3AI score0.00493EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.16 views

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure...

10CVSS6.1AI score0.13227EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 8:15 a.m.5 views

CVE-2025-13498

The Download Manager plugin for WordPress is vulnerable to unauthorized access of sensitive information in all versions up to, and including, 3.3.32. This is due to missing authorization and capability checks on the wpdmmediaaccess AJAX action. This makes it possible for authenticated attackers,...

4.3CVSS0.00352EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52250

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 an unauthorised user can view configuration files by directly referencing the resource in question. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version...

8.7CVSS6.9AI score0.00262EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/10 1:1 p.m.7 views

EUVD-2024-27069

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...

6.5CVSS6.4AI score0.00186EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.6 views

CVE-2025-41017

Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...

6.9CVSS6.9AI score0.00254EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/24 3:30 p.m.8 views

EUVD-2025-198649

Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...

6.9CVSS6.3AI score0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/24 12:20 p.m.12 views

CVE-2025-41017 Multiple vulnerabilities in DFUSION by Davantis

Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras//perspective”...

6.9CVSS0.00254EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/24 12:18 p.m.6 views

CVE-2025-41016 Multiple vulnerabilities in DFUSION by Davantis

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...

8.7CVSS6.5AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/24 12:18 p.m.13 views

CVE-2025-41016 Multiple vulnerabilities in DFUSION by Davantis

Inadequate access control vulnerability in Davantis DFUSION v6.177.7, which allows unauthorised actors to extract images and videos related to alarm events through access to “/alarms//”, where the “MEDIA” parameter can take the value of “snapshot” or “video.mp4”. These media files contain images...

8.7CVSS0.00254EPSS
Exploits0References1
Rows per page
Query Builder