Lucene search
K

9 matches found

Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-10750 Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools

The Royal MCP WordPress plugin before 1.4.26 does not perform capability checks on the majority of its MCP tools after token authentication, allowing authenticated users with a low-privileged role such as Subscriber to read private content, enumerate all users and their roles, and create, modify,...

0.00267EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 6:11 p.m.21 views

CVE-2026-49288

Statamic CMS patch for CVE-2026-49288 fixes a missing authorization on Control Panel fieldtype endpoints that allowed an authenticated CP user to view restricted metadata and content (entries, assets, users, roles, groups, etc.). The issue could disclose titles, custom field values, entry content...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/13 6:58 p.m.13 views

OpenClaw: Discord guild reaction ingress could bypass users and roles allowlists

Summary In affected versions of openclaw, Discord reaction ingestion for guild channels did not enforce the same member users and roles allowlist checks used for normal inbound guild messages. A non-allowlisted guild member could still trigger reaction events that were accepted and queued as...

5.8AI score
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.4 views

CVE-2026-3638

Improper access control in user and role restore API endpoints in Devolutions Server 2025.3.11.0 and earlier allows a low-privileged authenticated user to restore deleted users and roles via crafted API requests...

5.9CVSS5.8AI score0.00177EPSS
Exploits0References1
NVD
NVD
added 2024/02/01 11:15 a.m.20 views

CVE-2023-51674

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhance...

6.5CVSS6.4AI score0.00328EPSS
Exploits0References1
Prion
Prion
added 2024/02/01 11:15 a.m.13 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhance...

4.9CVSS7AI score0.00328EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/12/29 2:15 p.m.19 views

Open redirect

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18...

4.9CVSS7.1AI score0.00297EPSS
Exploits0References1Affected Software1
Citrix
Citrix
added 2023/08/22 12:0 a.m.7 views

ADM Cloud Users are not able to view Users & Roles options under settings in Citrix ADM GUI

Invited/cloned users will not have access to Users & Roles access on Citrix ADM Cloud Path ==In the Citrix ADM GUI, navigate to Settings Users & Roles Users...

7AI score
Exploits0
OSV
OSV
added 2021/12/08 4:15 a.m.5 views

CVE-2021-41311

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. T...

7.5CVSS5.8AI score0.00836EPSS
Exploits0References1
Rows per page
Query Builder