Lucene search
K

4 matches found

OSV
OSV
added 2026/04/13 5:42 a.m.3 views

BIT-KIBANA-2026-33460 Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Incorrect Authorization CWE-863 in Kibana can lead to cross-space information disclosure via Privilege Abuse CAPEC-122. A user with Fleet agent management privileges in one Kibana space can retrieve Fleet Server policy details from other spaces through an internal enrollment endpoint. The endpoin...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/21 3:31 a.m.10 views

Duplicate Advisory: OpenClaw has cross-account DM pairing authorization bypass via unscoped pairing store access

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-vjp8-wprm-2jw9. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contains an authorization bypass vulnerability in the pairing-store access contr...

8.1CVSS5.7AI score0.00165EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/09 6:39 p.m.6 views

CVE-2026-24900 MarkUs has a submission-view IDOR exposes all student submissions

MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses//assignments//submissions/htmlcontent accepted a selectfileid parameter to serve SubmissionFile objects containing a record of files submitted by students. This parameter was not correct...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.3 views

CVE-2026-22251

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practice was discouraged for years, but the code was never removed. This might cause the API key to be leaked to different servers...

5.5CVSS7.1AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder