Export limit exceeded: 11486 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11486 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-45552 | 1 Roxy-wi | 1 Roxy-wi | 2026-06-10 | 9.9 Critical |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/routes/install/routes.py:36-39). The individual endpoints install_exporter, install_waf, install_geoip, check_geoip, get_exporter_version, and get_task_status are not wrapped in page_for_admin and do not call roxywi_common.is_user_has_access_to_its_group(server_ip) or check_is_server_in_group(server_ip). Only the GET index page (install_monitoring) gates on roxywi_auth.page_for_admin(level=2). Because the missing decorators omit both role and group checks, any logged-in user — including the default guest role 4 — can install/reconfigure exporters, WAF, and GeoIP databases on every server in the Roxy-WI database, regardless of tenant ownership. The Ansible playbooks run with the per-server SSH credential stored in Roxy-WI, which the credentials' rightful owner (a different tenant) has provisioned with sudo rights for the management workflow. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-45563 | 1 Roxy-wi | 1 Roxy-wi | 2026-06-10 | 4.3 Medium |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group — can list any other user's full action audit trail (server IPs touched, configs deployed, services restarted). At time of publication, there are no publicly available patches. | ||||
| CVE-2026-47281 | 1 Microsoft | 1 Visual Studio Code | 2026-06-10 | 9.6 Critical |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-44750 | 1 Sap Se | 1 Sap Mdg (review Match Groups Application) | 2026-06-10 | 4.3 Medium |
| SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while confidentiality and availability are not impacted. | ||||
| CVE-2026-44751 | 1 Sap Se | 1 Sap Netweaver And Abap Platform | 2026-06-10 | 7.1 High |
| Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application. | ||||
| CVE-2026-11577 | 1 Redhat | 8 Build Keycloak, Build Of Keycloak, Data Grid and 5 more | 2026-06-09 | 7.2 High |
| A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importing users with realm-admin role mappings. | ||||
| CVE-2024-38179 | 1 Microsoft | 3 Azure Stack Hci, Azure Stack Hci Os 22h2, Azure Stack Hci Os 23h2 | 2026-06-09 | 8.8 High |
| Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability | ||||
| CVE-2024-38190 | 1 Microsoft | 1 Power Platform | 2026-06-09 | 8.6 High |
| Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector. | ||||
| CVE-2026-49956 | 1 Nesquena | 1 Hermes-webui | 2026-06-09 | 6.5 Medium |
| Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to retrieve session titles and transcript message content from profiles other than their own active profile. | ||||
| CVE-2026-49948 | 1 Mem0ai | 1 Mem0 | 2026-06-09 | 8.1 High |
| Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validating the caller's role. Any authenticated user holding a distributed API key can redirect all LLM and embedder traffic to an attacker-controlled server, with the malicious configuration persisted to PostgreSQL and surviving server restarts to affect all users and API keys on the instance. | ||||
| CVE-2026-48507 | 2 Grokability, Snipeitapp | 2 Snipe-it, Snipe-it | 2026-06-09 | 7.1 High |
| Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the instance by editing the `activated` flag (which determines whether or not a user can login) and the `ldap_import` flag, which determines whether or not the user can request a password reset. Version 8.6.0 contains a patch. | ||||
| CVE-2026-4986 | 2 Wordpress, Wpforms | 2 Wordpress, Wpforms | 2026-06-09 | 5.3 Medium |
| The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads and manipulate the payment state of arbitrary transactions. | ||||
| CVE-2026-39910 | 1 Stackit | 1 Iaas Api | 2026-06-09 | 9.8 Critical |
| STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT servers service-accounts endpoint to attach high-privileged service accounts and query the Instance Metadata Service to retrieve OAuth2 tokens, bypassing tenant boundaries and gaining unauthorized control over the entire organization environment. | ||||
| CVE-2026-7765 | 1 Checkmk | 1 Checkmk | 2026-06-09 | 5.3 Medium |
| Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by sending requests to the underlying endpoint, even without a User Messages widget present. | ||||
| CVE-2026-44754 | 1 Sap Se | 1 Odp Data Replication Apis | 2026-06-09 | 6.6 Medium |
| The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which could lead to unintended disclosure of data, but does not affect integrity, and poses minimal availability concerns for the application. | ||||
| CVE-2026-4058 | 2 Wedevs, Wordpress | 2 User Frontend: Ai Powered Frontend Posting, User Directory, Profile, Membership & User Registration, Wordpress | 2026-06-09 | 4.3 Medium |
| The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the user_subscription_cancel() function in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel any user's subscription pack, including administrators. | ||||
| CVE-2026-47349 | 1 Typo3 | 1 Typo3 | 2026-06-09 | N/A |
| Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| CVE-2026-47350 | 1 Typo3 | 1 Typo3 | 2026-06-09 | N/A |
| Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||
| CVE-2026-47351 | 1 Typo3 | 1 Typo3 | 2026-06-09 | N/A |
| Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2. | ||||
| CVE-2026-47352 | 1 Typo3 | 1 Typo3 | 2026-06-09 | N/A |
| Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3. | ||||