
8 matches found

EUVD
added yesterday, 10 views

EUVD-2026-33278

Mautic has an Authorization Bypass in API v2 Endpoints...

CVSS 7.1 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 2

Vulnrichment
added 2026/06/02 3:50 p.m., 10 views

CVE-2026-35443 NamelessMC: Forum reactions bypass the "view own topics only" restriction

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view_other_topics authorization. As a result, in forums where users may enter the forum...

CVSS 5.3 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1

Cvelist
added 2026/06/02 3:50 p.m., 28 views

CVE-2026-35443 NamelessMC: Forum reactions bypass the "view own topics only" restriction

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view_other_topics authorization. As a result, in forums where users may enter the forum...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 1

CVE
added 2026/06/02 3:50 p.m., 15 views

CVE-2026-35443

NamelessMC (website software for Minecraft servers) is affected in version 2.2.4. The vulnerability lies in modules/Forum/classes/ForumPostReactionContext.php, where topic-level view_other_topics authorization is not re-enforced, allowing reactions on other users’ topics to be read and modified. ...

CVSS 5.3 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 1

Snyk
added 2026/05/29 1:18 p.m., 6 views

Incorrect Authorization

Overview: mautic/plugin-focus is a Focus Plugin. Affected versions of this package are vulnerable to Incorrect Authorization in the enforcement of owner-scope permissions such as viewown or editown. An attacker can gain unauthorized access or modify resources belonging to other users by exploiting...

CVSS 7.1 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 2

OSV
added 2025/02/26 1:15 p.m., 4 views

CVE-2024-47053

This advisory addresses an authorization vulnerability in Mautic's HTTP Basic Authentication implementation. This flaw could allow unauthorized access to sensitive report data. Improper Authorization: An authorization flaw exists in Mautic's API Authorization implementation. Any authenticated use...

CVSS 7.7 | AI score 6.7
Exploits: 0 | References: 3

OSV
added 2020/05/27 3:32 p.m., 2 views

DRUPAL-CONTRIB-2020-020

Drupal Commerce is used to build eCommerce websites and applications. It's possible to configure commerce to permit orders by anonymous users. In this configuration, customers who do not choose to create an account upon checkout completion remain anonymous, and the resulting orders are never...

AI score 6.5
Exploits: 0 | References: 1

OSV
added 2019/10/16 4:9 p.m., 6 views

DRUPAL-CONTRIB-2019-074

The Bat module provides a foundation through which a wide range of availability management, reservation and booking use cases can be addressed. The routes used to view events don't sufficiently guard access for non-privileged users. Specifically, a user with the 'View own' permission for bat even...

AI score 6.7
Exploits: 0 | References: 1