Lucene search
K

5 matches found

EUVD
EUVD
added 2026/05/12 6:30 p.m.11 views

EUVD-2026-29551

Insufficient ownership checks in clientarea.php allow an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's resources and their cPanel account...

10CVSS5.8AI score0.00319EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:46 p.m.10 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

9.1CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/02 12:45 p.m.2 views

CVE-2026-4636 Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 12:45 p.m.5 views

CVE-2026-4636

A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

8.1CVSS5.9AI score0.00346EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3868

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6CVSS5.9AI score0.00142EPSS
Exploits0References3
Rows per page
Query Builder