Lucene search
K

3202 matches found

Snyk
Snyk
added 2026/06/12 4:39 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview chromadb is a Chroma. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the V1 collection-level endpoints passing None for tenant and database to the authorization layer. An attacker can gain unauthorized access to resources by...

8.8CVSS5.4AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.29 views

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

6.7CVSS5.4AI score0.00022EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/11 2:34 p.m.12 views

CVE-2026-7870 IBM i is Affected by Privilege Escalation []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege...

8.8CVSS5.5AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 9:16 a.m.15 views

CVE-2023-40200

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 7:11 a.m.13 views

EUVD-2023-60588

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS5.5AI score0.00188EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 7:11 a.m.8 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 7:11 a.m.32 views

CVE-2023-40200 WordPress WP Logo Showcase Responsive Slider and Carousel plugin <= 3.6 - Broken Access Control vulnerability

Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6...

5.3CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 7:11 a.m.35 views

CVE-2023-40200

CVE-2023-40200 affects the WordPress plugin WP Logo Showcase Responsive Slider and Carousel (versions

5.3CVSS7.7AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 10:16 a.m.19 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 9:10 a.m.30 views

CVE-2026-11853

CVE-2026-11853 affects Debusine. The vulnerability arises in the parser for Debian source packages (.dsc) and upload artifacts (.changes), where it accepts arbitrary fully user-controlled paths. The mergeuploads task could be exploited to create arbitrary symbolic links on a worker, overwriting a...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/10 9:10 a.m.10 views

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages .dsc and upload artifacts .changes are manifest files that name the files that make up the artifact. The parser used to read these files in Debusine accepted arbitrary fully...

6.5CVSS5.7AI score0.00269EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2026-44083

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:54 p.m.26 views

CVE-2026-46546

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

5.4CVSS5.4AI score0.00234EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/09 8:16 a.m.11 views

CVE-2026-44083

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

9.8CVSS0.0046EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 6:20 a.m.9 views

CVE-2026-44083 QuMagie

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:41 a.m.10 views

EUVD-2026-35307

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the userId parameter of the sixstoragegetuserinfo and sixstorageupdateprofile AJAX actions. This is due to the sixstoragegetUserInfo and...

7.5CVSS5.5AI score0.00403EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.26 views

PT-2026-47684

Name of the Vulnerable Software and Affected Versions 6Storage Rentals versions prior to 2.22.1 Description An authorization bypass exists in the 6Storage Rentals plugin for WordPress. Unauthenticated attackers can read and modify arbitrary tenant profile data, including names, email addresses,...

7.5CVSS5.3AI score0.00403EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47703

Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.1 Description An authorization bypass occurs through a user-controlled key, allowing remote attackers to gain unintended privileges. Recommendations Update to version 2.9.1 or later...

9.8CVSS5.3AI score0.0046EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from insufficie...

7.1CVSS5.3AI score0.00368EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.14 views

PT-2026-47333

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode form part/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename,...

2.1CVSS5.6AI score0.00178EPSS
Exploits0References5
Rows per page
Query Builder