Lucene search

6 matches found

Github Security Blog
added 2026/05/27 5:17 p.m., 6 views

Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling

Summary: Pimcore's WebDAV asset endpoint exposes a MOVE operation through /asset/webdavpath without adding an authentication plugin in the WebDAV controller. The Tree::move implementation then performs asset mutation and deletion before checking a current Pimcore user or any asset permissions. An...

6 AI score
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2026/03/24 5:28 p.m., 1 views

Missing Authorization

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Missing Authorization in the actionMoveToSection process. An attacker can perform unauthorized content changes by sending crafted POST requests to the affected endpoint, allowing them to move...

7.1 CVSS, 5.9 AI score, 0.00013 EPSS
Exploits: 0, References: 2
NVD
added 2026/02/07 10:16 p.m., 3 views

CVE-2026-25566

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...

7.1 CVSS, 0.00012 EPSS
Exploits: 0, References: 3
Cvelist
added 2026/02/07 9:58 p.m., 26 views

CVE-2026-25566 WeKan < 8.19 Cross-board Card Move Without Destination Authorization

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...

7.1 CVSS, 0.00012 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2026/02/07 9:58 p.m., 5 views

CVE-2026-25566 WeKan < 8.19 Cross-board Card Move Without Destination Authorization

WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong to the destination board, potentially...

7.1 CVSS, 5.5 AI score, 0.00012 EPSS
Exploits: 0, References: 3
CNNVD
added 2023/07/24 12:0 a.m., 2 views

OTRS Security Vulnerability

OTRS is a service management application from OTRS Germany. A security vulnerability exists in OTRS 8.0.X versions prior to 8.0.35. It stems from incorrect privilege checking during a move operation, allowing any agent-authenticated attacker to perform a ticket move without the...

4.3 CVSS, 5.1 AI score, 0.00204 EPSS
Exploits: 0, References: 2