761 matches found
CVE-2026-40452
Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...
EUVD-2026-42838
Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users. This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to...
CVE-2026-48955
An improper access check allows unauthorized users to access workflow stage and transition information...
CVE-2026-48958 Joomla! Core - [20260712] - Incorrect Access Control in com_fields webservice endpoints
An improper access check allows unauthorized users to create custom fields via webservices endpoints...
EUVD-2026-42068
An improper access check allows unauthorized users to create custom fields via webservices endpoints...
CVE-2026-48957
An improper access check allows unauthorized users to access comprivacy datasets...
CVE-2026-25038
Gitea 1.26.2 contains a Missing Authorization vulnerability that allows unauthorized users to access labels of private organizations. The issue is confirmed across multiple sources; CVSSv3.1 base score is 7.5 (High), with network attack vector and no user interaction required. A fix is available:...
CVE-2025-14272 Rockwell Automation FactoryTalk Analytics PavilionX
A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions...
PT-2026-48499
🚨 CVE-2026-20259 In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507.23, 10.0.2503.14, and 9.3.2411.131, a user who holds a Splunk role that contains the high-privilege capability edit saved search owne...
Microsoft Exchange Server Remote Code Execution Vulnerability
Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...
CVE-2026-21789
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...
CVE-2026-49002
Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...
CVE-2026-6713
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauthorized user to enumerate private projects due to incorrect authorization checks...
EUVD-2026-30798
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios...
PT-2026-41722
Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to update data in certain scenarios. Recommendations At the moment, there is no information about a newer version that contains a...
chartbrew 安全漏洞
Chartbrew is an open-source data visualization and dashboard building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a security vulnerability. This vulnerability stems from the lack of authentication for the POST /api/chart/:chartid/query endpoint. Only the team.allowReportRefre...
[20260709] - Core - Incorrect Access Control in com_workflow
An improper access check allows unauthorized users to access workflow stage and transition information...
GHSA-VJ45-X3PJ-F4W4 Weblate: Improper access control for pending tasks in API
Impact The API for tasks didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. Patches https://github.com/WeblateOrg/weblate/pull/18515 Workarounds The attacker needs to guess the random UUID of the task, so...
CVE-2026-33212
CVE-2026-33212 affects Weblate (web-based localization tool). The vulnerability lies in the tasks API where, in versions prior to 5.17, access control for pending tasks was not enforced, potentially exposing in-progress task logs to users without the proper scope. The attack requires brute-forcin...
EUVD-2026-22649
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network...