Export limit exceeded: 359385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11326 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42999 | 1 Openstack | 1 Keystone | 2026-06-02 | 6 Medium |
| An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0). | ||||
| CVE-2026-43000 | 1 Openstack | 1 Keystone | 2026-06-02 | 6 Medium |
| An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity. | ||||
| CVE-2026-44394 | 1 Openstack | 1 Keystone | 2026-06-02 | 6 Medium |
| An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a user can maintain access indefinitely, bypassing operator-configured token lifetime policies. This is a variant of CVE-2012-3426. Only deployments using federated identity (SAML2, OpenID Connect) are affected. | ||||
| CVE-2026-42096 | 1 Sparxsystems | 2 Pro Cloud Server, Sparx Pro Cloud Server | 2026-06-02 | 8.8 High |
| Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within database user context. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.1 (build 167) and below were tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2026-42070 | 1 Mantisbt | 1 Mantisbt | 2026-06-02 | N/A |
| Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default settings) to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER (level 55) threshold required by the dedicated mc_issue_note_update() function. This vulnerability is fixed in 2.28.2. | ||||
| CVE-2026-49374 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 7.6 High |
| In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters | ||||
| CVE-2026-49376 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 6.5 Medium |
| In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin | ||||
| CVE-2026-49378 | 1 Jetbrains | 1 Teamcity | 2026-06-02 | 4.3 Medium |
| In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion | ||||
| CVE-2026-9050 | 2 Revolution Slider, Wordpress | 2 Slider Revolution, Wordpress | 2026-06-02 | 4.3 Medium |
| The Slider Revolution plugin for WordPress in versions 6.0.0-6.7.55 and 7.0.0-7.0.14 is vulnerable to unauthorized modification of data. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with Contributor-level access and above, to deactivate any active plugin installed on the site. | ||||
| CVE-2026-9048 | 2 Revolution Slider, Wordpress | 2 Slider Revolution, Wordpress | 2026-06-02 | 4.3 Medium |
| The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Exposure in versions 7.0.0 - 7.0.14, via the 'slider.get.full' AJAX Action. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including raw social media API credentials: the Instagram OAuth token, Flickr API key, YouTube Data API key, and Facebook App ID, stored in any configured slider's settings. | ||||
| CVE-2024-8074 | 2026-06-02 | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users. This issue affects Nomysem: before 13.10.2024. | ||||
| CVE-2026-47740 | 1 Shopperlabs | 1 Shopper | 2026-06-02 | 8.1 High |
| Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark complete, capture payment, archive, and start processing were callable with the read-only read_orders permission and did not require edit_orders. capturePayment could trigger an actual PSP capture (real funds movement). The order shipments table actions mark delivered and edit tracking were callable with the read-only browse_orders permission. A user with read access to orders could therefore alter the lifecycle of every order in the panel and trigger real-world payment captures. This vulnerability is fixed in 2.8.0. | ||||
| CVE-2026-32906 | 1 Openclaw | 1 Openclaw | 2026-06-02 | 4.3 Medium |
| OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plugin approvals through the exec approver gate. Attackers with limited exec approval permissions can bypass intended approval splits to approve plugin actions outside operator configuration. | ||||
| CVE-2025-48600 | 1 Google | 1 Android | 2026-06-01 | 5.5 Medium |
| In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2021-25740 | 1 Kubernetes | 1 Kubernetes | 2026-06-01 | 3.1 Low |
| A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack. | ||||
| CVE-2026-44848 | 1 Portainer | 1 Portainer | 2026-06-01 | 8.8 High |
| Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints (/plugins/*) were not registered with a handler, so standard users with endpoint access could call privileged plugin operations — including installing and enabling plugins — directly against the underlying Docker daemon. The vulnerability is exposed when a non-admin Portainer user (Standard User role, or any role granted endpoint-level access) has been given access to a Docker endpoint via Portainer RBAC. This vulnerability is fixed in 2.33.8, 2.39.2, and 2.41.0. | ||||
| CVE-2026-42675 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-06-01 | 7.3 High |
| Missing Authorization vulnerability in Themefic Hydra Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hydra Booking: from n/a through 1.1.41. | ||||
| CVE-2026-42671 | 2 Paolo, Wordpress | 2 Geodirectory, Wordpress | 2026-06-01 | 6.5 Medium |
| Missing Authorization vulnerability in Paolo GeoDirectory allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GeoDirectory: from n/a through 2.8.157. | ||||
| CVE-2026-45426 | 1 Apache | 1 Airflow | 2026-06-01 | 3.1 Low |
| Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when verifying the JWT's `sub` claim. `str.lstrip()` strips any of a *set* of characters from the left (not a prefix), so a JWT issued for a Dag named e.g. `dag_a` would authorize log access to any other Dag whose name began with any subset of the characters `{d, a, g, _}` (e.g. `dag_attacker`, `aaaa_target`, `_dag_secret`). Such an authenticated worker could enumerate and read worker logs of other Dags whose names happened to share that character-class prefix, leaking task output and error traces beyond the documented per-Dag isolation boundary. Affects deployments relying on per-Dag log-access scoping (multi-team, shared-executor, shared-worker topologies). Users are advised to upgrade to `apache-airflow` 3.2.2 or later. | ||||
| CVE-2026-35630 | 1 Openclaw | 1 Openclaw | 2026-06-01 | 8 High |
| OpenClaw before 2026.5.18 contains an authorization bypass vulnerability in QQBot native approval buttons that fails to enforce configured approver identity. Non-approver users can click approval buttons to resolve pending exec or plugin approval requests without proper authorization. | ||||