Lucene search
K

761 matches found

NVD
NVD
added 3 days ago4 views

CVE-2026-40452

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS0.00256EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42838

Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...

7.5CVSS6.1AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 6 days ago11 views

CVE-2026-48955

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS0.00262EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42068

An improper access check allows unauthorized users to create custom fields via webservices endpoints...

6.4CVSS6AI score0.00262EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/03 8:19 p.m.14 views

CVE-2026-25038

Gitea 1.26.2 contains a Missing Authorization vulnerability that allows unauthorized users to access labels of private organizations. The issue is confirmed across multiple sources; CVSSv3.1 base score is 7.5 (High), with network attack vector and no user interaction required. A fix is available:...

7.5CVSS7.2AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 1:51 p.m.28 views

CVE-2025-14272 Rockwell Automation FactoryTalk Analytics PavilionX

A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...

8.3CVSS0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48499

🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...

5.5CVSS5.2AI score0.00189EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.00475EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.11 views

CVE-2026-21789

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS5.5AI score0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-49002

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...

9.1CVSS5.5AI score0.00293EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:55 p.m.10 views

CVE-2026-6713

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/18 7:17 p.m.14 views

EUVD-2026-30798

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.10 views

PT-2026-41722

Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to update data in certain scenarios. Recommendations At the moment, there is no information about a newer version that contains a...

4.6CVSS5.8AI score0.00122EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

chartbrew 安全漏洞

Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability. This vulnerability stems from the lack of authentication for the POST /api/chart/:chartid/query endpoint. Only the team.allowReportRefre...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References1
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/04/22 12:0 a.m.5 views

[20260709] - Core - Incorrect Access Control in com_workflow

An improper access check allows unauthorized users to access workflow stage and transition information...

6.5CVSS6AI score0.00208EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/16 8:41 p.m.3 views

GHSA-VJ45-X3PJ-F4W4 Weblate: Improper access control for pending tasks in API

Impact The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. Patches https://github.com/WeblateOrg/weblate/pull/18515 Workarounds The attacker needs to guess the random UUID of the task, so...

3.1CVSS5.8AI score0.00221EPSS
Exploits0References5
CVE
CVE
added 2026/04/15 5:48 p.m.14 views

CVE-2026-33212

CVE-2026-33212 affects Weblate (web-based localization tool). The vulnerability lies in the tasks API where, in versions prior to 5.17, access control for pending tasks was not enforced, potentially exposing in-progress task logs to users without the proper scope. The attack requires brute-forcin...

3.1CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/14 6:30 p.m.11 views

EUVD-2026-22649

Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.8AI score0.03447EPSS
Exploits5References2
Rows per page
Query Builder