251792 matches found
CVE-2026-44367 Klaw: user lockout due to case sensitivity inconsistency
Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service DoS and complete account...
CVE-2026-44367
Klaw (self-service Apache Kafka Topic Management/Governance tool) is affected prior to v2.10.4 by inconsistent case-sensitivity handling in user registration and login, enabling targeted DoS and complete account lockout. Root cause: username case handling leads to lockout conditions. Impact: Deni...
CVE-2026-7201
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
CVE-2026-7195
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...
CVE-2026-32250
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...
CVE-2026-9522
Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...
CVE-2026-9590
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
CVE-2026-9590
Technical details beyond the description are not publicly provided in the supplied documents. No affected versions, exploit specifics, or remediation steps are confirmed here; monitor for updates from the vendor and standard advisories.
EUVD-2026-33935
Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...
CVE-2026-32250
CVE-2026-32250 affects NamelessMC (Minecraft server website software). The issue is a Reflected XSS in the id parameter of the endpoint “/index.php?route=/queries/user/”. User input is echoed into the HTML response without proper sanitization/output encoding, enabling an attacker to inject JavaSc...
CVE-2026-32250 NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...
CVE-2026-32250
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...
EUVD-2026-33925
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...
CVE-2026-32250 NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...
CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
CVE-2026-7201
Progress Sitefinity (Progress) is affected by CVE-2026-7201: CWE-639, an authorization bypass through a user-controlled key in web services. A remote authenticated attacker can modify account properties of other users, potentially leading to account compromise, requiring access to values not norm...
CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
EUVD-2026-33920
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
CVE-2026-7201
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account...
CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...