Lucene search
K

1763 matches found

NVD
NVD
added 2 days ago8 views

CVE-2026-57676

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9...

4.3CVSS0.00183EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40056

Authorization Bypass Through User-Controlled Key vulnerability in Matteo Manna Simple User Avatar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple User Avatar: from n/a through 4.9...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in golang-github-emicklei-go-restful

Authorization bypass through user-controlled keys in the GitHub repository in the emicklei/go-restful library, prior to version 3.8.0...

9.3CVSS7.4AI score0.02737EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/16 5:34 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 11:16 p.m.10 views

CVE-2026-48599

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS0.00273EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/12 6:13 p.m.31 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 4:39 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...

8.8CVSS5.4AI score0.00284EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 4:39 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient authorization checks when UUID is provided. An attacker can gain unauthorized access to read, write, update, or delete data belonging to other...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/06/11 9:16 a.m.13 views

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 7:11 a.m.9 views

EUVD-2023-60588

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS5.5AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 7:11 a.m.29 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 7:11 a.m.8 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:11 a.m.33 views

CVE-2023-40200

CVE-2023-40200 affects the WordPress plugin WP Logo Showcase Responsive Slider and Carousel (versions

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.7 views

CVE-2026-44083

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 8:16 a.m.9 views

CVE-2026-44083

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

9.8CVSS0.0046EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:20 a.m.7 views

CVE-2026-44083 QuMagie

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:41 a.m.9 views

EUVD-2026-35307

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47703

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.1 Description An authorization bypass occurs through a user-controlled key, allowing remote attackers to gain unintended privileges. Recommendations Update to version 2.9.1 or later...

9.8CVSS5.3AI score0.0046EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.22 views

PT-2026-47684

Name of the Vulnerable Software and Affected Versions 6Storage Rentals versions prior to 2.22.1 Description An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...

7.5CVSS5.3AI score0.00403EPSS
Exploits0References15
Rows per page
Query Builder