Lucene search
K

3168 matches found

Snyk
Snyk
added 2026/06/16 5:34 p.m.6 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the monitor API endpoints, which lack proper ownership enforcement. An attacker can read, modify, rename, or permanently delete another user's messages, sessions, build artifacts, and...

8.8CVSS5.9AI score0.00291EPSS
Exploits1References2
NVD
NVD
added 2026/06/15 11:16 p.m.10 views

CVE-2026-48599

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS0.00273EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 9:55 p.m.33 views

CVE-2026-48599 Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding

Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. In...

7.6CVSS0.00273EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/15 5:22 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the two-way property binding. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying crafted input to a sensitive DOM property bound with two-way binding syntax. Note:...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 4:51 p.m.6 views

GHSA-692R-GRFM-V8X7 @angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

5.3CVSS6.2AI score0.00238EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.30 views

@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49532

Name of the Vulnerable Software and Affected Versions elixir-grpc versions 0.8.0 through 0.9.x Description Authenticated attackers can access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body. This occurs in...

7.6CVSS5.3AI score0.00273EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/12 6:13 p.m.34 views

CVE-2026-42947 Naxclow IoT Platform Authorization bypass through User-Controlled key

A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker with any account can...

8.8CVSS0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 4:39 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient authorization checks when UUID is provided. An attacker can gain unauthorized access to read, write, update, or delete data belonging to other...

8.8CVSS5.3AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 4:39 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...

8.8CVSS5.4AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.29 views

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

6.7CVSS5.4AI score0.00022EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/11 2:34 p.m.11 views

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 a.m.14 views

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:11 a.m.33 views

CVE-2023-40200

CVE-2023-40200 affects the WordPress plugin WP Logo Showcase Responsive Slider and Carousel (versions

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 7:11 a.m.31 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 7:11 a.m.8 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 7:11 a.m.12 views

EUVD-2023-60588

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS5.5AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 a.m.17 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS0.00269EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 9:10 a.m.9 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS5.7AI score0.00269EPSS
Exploits0
CVE
CVE
added 2026/06/10 9:10 a.m.26 views

CVE-2026-11853

CVE-2026-11853 affects Debusine. The vulnerability arises in the parser for Debian source packages (.dsc) and upload artifacts (.changes), where it accepts arbitrary fully user-controlled paths. The mergeuploads task could be exploited to create arbitrary symbolic links on a worker, overwriting a...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References3
Rows per page
Query Builder