Export limit exceeded: 11611 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11611 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54518 1 Fasterxml 1 Jackson-databind 2026-06-24 6.5 Medium
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties() replays buffered JSON into creator parameters but never consults prop.visibleInView(activeView). The normal property-based creator path gates creator properties on the active view, but this unwrapped-creator replay path bypasses that check, so a constructor parameter annotated with both @JsonView(AdminView.class) and @JsonUnwrapped is populated from attacker JSON even when a more restrictive view is active. This vulnerability is fixed in 2.21.4 and 3.1.4.
CVE-2026-56695 1 Hkuds 1 Openharness 2026-06-24 6.5 Medium
OpenHarness ohmo gateway /resume and /summary slash commands default remote_invocable to True, allowing admitted remote senders to enumerate and load arbitrary session snapshots by ID. Attackers can exploit this to access victim snapshots containing private prompts, credentials, tool output, and file paths via shared gateway channels.
CVE-2026-54022 1 Open-webui 1 Open-webui 2026-06-24 5.3 Medium
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the ydoc:document:join Socket.IO handler checks note ownership only when the document_id starts with note: (colon). However, the YdocManager storage layer normalizes all document IDs by replacing colons with underscores (document_id.replace(":", "_")). An attacker can join a document room using note_<id> (underscore) instead of note:<id> (colon), bypassing the authorization check entirely while accessing the same underlying Yjs document. The server then returns the full document state, leaking the victim's private note contents. This vulnerability is fixed in 0.8.11.
CVE-2026-46549 1 Nocodb 1 Nocodb 2026-06-24 2 Low
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope (e.g. MCP-only) therefore inherited the full permissions of the underlying user across all routes; the granted_resources.base_id restriction was bypassed on org-level endpoints that don't populate req.context.base_id. This vulnerability is fixed in 2026.04.1.
CVE-2026-54316 1 Anthropics 1 Claude Code 2026-06-24 5.3 Medium
Claude Code is an agentic coding tool. From 0.2.54 until 2.1.163, because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrusted content into a Claude Code context could direct it to issue WebFetch requests against attacker-controlled repository files (e.g. /resolve/main/config.json), which HuggingFace counts as downloads server-side, creating a covert out-of-band channel for encoding and exfiltrating data Claude can access such as files, environment variables, or command output. Reliably exploiting this required the ability to add untrusted content into a Claude Code context window. This vulnerability is fixed in 2.1.163.
CVE-2026-48493 1 Grokability 1 Snipe-it 2026-06-24 5.5 Medium
Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their_own_id} and grant themselves any permission except admin and superuser — for example `assets.view`, `assets.create`, `reports.view`, import, etc. The issue is patched in version 8.6.0.
CVE-2026-23513 1 Fossbilling 1 Fossbilling 2026-06-23 N/A
FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery() and Order\Service::getSearchQuery(), OR-based search/action filters were appended without grouping, allowing SQL operator precedence to evaluate OR clauses independently of the enforced client_id constraint. Crafted requests could therefore return records and metadata belonging to other clients, including identifiers, amounts, status, timestamps, and related fields. This issue was fixed in version 0.8.0.
CVE-2026-10609 1 Redhat 2 Logging, Logging Subsystem For Red Hat Openshift 2026-06-23 6.8 Medium
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges.
CVE-2026-34023 1 Wertheim 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) 2026-06-23 N/A
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user credentials can manipulate WebSocket messages by specifying controller identifiers belonging to other branches. This allows the attacker to access restricted functions and resources in other branches, including activating boxes outside of the user's authorized branch.
CVE-2026-34024 1 Wertheim 1 Safecontroller Software For Vault Rooms (safe Deposit Locker System) 2026-06-23 N/A
The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allows the attacker to perform restricted actions such as switching the user's branch, uploading arbitrary files, downloading arbitrary files, and viewing details of arbitrary branches.
CVE-2026-5230 1 Mia Technology 1 Pizzy Library 2026-06-23 7.1 High
Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
CVE-2025-68049 2 Bunny.net, Wordpress 2 Bunny.net, Wordpress 2026-06-23 6.3 Medium
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
CVE-2025-69332 2 Mycred, Wordpress 2 Bookify, Wordpress 2026-06-23 6.5 Medium
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
CVE-2026-25425 2 Themegrill, Wordpress 2 User Registration, Wordpress 2026-06-23 7.5 High
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
CVE-2026-34898 2 Wordpress, Wp Swings 2 Wordpress, Event Tickets Manager For Woocommerce 2026-06-23 7.5 High
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
CVE-2026-39525 2 Booking Activities Team, Wordpress 2 Booking Activities, Wordpress 2026-06-23 6.5 Medium
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
CVE-2026-39594 2 Themefic, Wordpress 2 Ultra Addons For Wpforms, Wordpress 2026-06-23 6.4 Medium
Subscriber Broken Access Control in Ultra Addons for WPForms <= 1.0.11 versions.
CVE-2026-40741 2 Jose Conti, Wordpress 2 Redsys For Woocommerce Light, Wordpress 2026-06-23 7.5 High
Unauthenticated Broken Access Control in Redsys for WooCommerce Light <= 7.0.0 versions.
CVE-2026-40775 2 Royal Plugins, Wordpress 2 Royal Mcp, Wordpress 2026-06-23 7.3 High
Unauthenticated Broken Access Control in Royal MCP <= 1.4.2 versions.
CVE-2026-40776 2 Arraytics, Wordpress 2 Wp Event Solution, Wordpress 2026-06-23 7.5 High
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.8 versions.