Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-24471

Summary
Assigner-Nozomi
Assigner Org ID-bec8025f-a851-46e5-b3a3-058e6b0aa23c
Published At-09 Aug, 2023 | 08:54
Updated At-02 Aug, 2024 | 10:56
Rejected At-
Credits

Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Nozomi
Assigner Org ID:bec8025f-a851-46e5-b3a3-058e6b0aa23c
Published At:09 Aug, 2023 | 08:54
Updated At:02 Aug, 2024 | 10:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
Information disclosure via the debug function in assertions in Guardian/CMC before 22.6.2

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

Affected Products
Vendor
Nozomi Networks
Product
Guardian
Default Status
unaffected
Versions
Affected
  • From 0 before 22.6.2 (semver)
Vendor
Nozomi Networks
Product
CMC
Default Status
unaffected
Versions
Affected
  • From 0 before 22.6.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-122CAPEC-122 Privilege Abuse
CAPEC ID: CAPEC-122
Description: CAPEC-122 Privilege Abuse
Solutions

Upgrade to v22.6.2 or later.

Configurations

Workarounds

Use internal firewall features to limit access to the web management interface.

Exploits

Credits

finder
This issue was found by Stefano Libero of Nozomi Networks Product Security team during a scheduled internal VAPT testing session.
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://security.nozominetworks.com/NN-2023:5-01
N/A
Hyperlink: https://security.nozominetworks.com/NN-2023:5-01
Resource: N/A
â–¼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
nozominetworks
Product
guardian
CPEs
  • cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 22.6.2 (custom)
Vendor
nozominetworks
Product
cmc
CPEs
  • cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 22.6.2 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://security.nozominetworks.com/NN-2023:5-01
x_transferred
Hyperlink: https://security.nozominetworks.com/NN-2023:5-01
Resource:
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:prodsec@nozominetworks.com
Published At:09 Aug, 2023 | 09:15
Updated At:28 May, 2024 | 13:15

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches

nozominetworks
nozominetworks
>>cmc>>Versions before 22.6.2(exclusive)
cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
nozominetworks
nozominetworks
>>guardian>>Versions before 22.6.2(exclusive)
cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-863Primarynvd@nist.gov
CWE-863Secondaryprodsec@nozominetworks.com
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-863
Type: Secondary
Source: prodsec@nozominetworks.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://security.nozominetworks.com/NN-2023:5-01prodsec@nozominetworks.com
Vendor Advisory
Hyperlink: https://security.nozominetworks.com/NN-2023:5-01
Source: prodsec@nozominetworks.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

171Records found

CVE-2025-40888
Matching Score-8
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-8
Assigner-Nozomi Networks Inc.
CVSS Score-6||MEDIUM
EPSS-0.22% / 12.87%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 12:38
Updated-09 Oct, 2025 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated SQL Injection on CLI functionality in Guardian/CMC before 25.3.0

A SQL Injection vulnerability was discovered in the CLI functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-guardiancmcGuardianCMC
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-40885
Matching Score-8
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-8
Assigner-Nozomi Networks Inc.
CVSS Score-6||MEDIUM
EPSS-0.22% / 12.87%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 12:35
Updated-09 Oct, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated SQL Injection on Smart Polling functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-guardiancmcGuardianCMC
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-40887
Matching Score-8
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-8
Assigner-Nozomi Networks Inc.
CVSS Score-6||MEDIUM
EPSS-0.22% / 12.87%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 12:37
Updated-09 Oct, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated SQL Injection on Alert functionality in Guardian/CMC before 25.2.0

A SQL Injection vulnerability was discovered in the Alert functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized data.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-guardiancmcGuardianCMC
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-22378
Matching Score-8
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-8
Assigner-Nozomi Networks Inc.
CVSS Score-8.7||HIGH
EPSS-0.51% / 39.59%
||
7 Day CHG~0.00%
Published-09 Aug, 2023 | 08:01
Updated-20 Sep, 2024 | 11:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Blind SQL Injection on sorting in Guardian/CMC before 22.6.2

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application. Authenticated users may be able to extract arbitrary information from the DBMS in an uncontrolled way, alter its structure and data, and/or affect its availability.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-cmcguardianGuardianCMC
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-40897
Matching Score-6
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-6
Assigner-Nozomi Networks Inc.
CVSS Score-7.2||HIGH
EPSS-0.33% / 24.36%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 08:18
Updated-09 Jun, 2026 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect authorization for Threat Intelligence in Guardian/CMC before 26.0.0

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform administrative actions on it, altering the rules configuration, and/or affecting their availability.

Action-Not Available
Vendor-Nozomi NetworksSiemens AG
Product-GuardianCMCRUGGEDCOM APE1808
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-3719
Matching Score-6
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-6
Assigner-Nozomi Networks Inc.
CVSS Score-7.2||HIGH
EPSS-0.25% / 16.16%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 12:34
Updated-09 Oct, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect authorization for CLI in Guardian/CMC before 25.2.0

An access control vulnerability was discovered in the CLI functionality due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can issue administrative CLI commands, altering the device configuration, and/or affecting its availability.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-guardiancmcGuardianCMC
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-1501
Matching Score-6
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-6
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 9.06%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 10:25
Updated-26 Aug, 2025 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect authorization for traces request/download in CMC before 25.1.0

An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced for users with limited privileges. An authenticated user with limited privileges can request and download trace files due to improper access restrictions, potentially exposing unauthorized network data.

Action-Not Available
Vendor-Nozomi Networks
Product-CMC
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-4465
Matching Score-6
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-6
Assigner-Nozomi Networks Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.22% / 12.64%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 14:45
Updated-20 Sep, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0

An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. This could result in a partial loss of data integrity. In Guardian/CMC instances with a reporting configuration, there could be limited Denial of Service (DoS) impacts, as the reports may not reach their intended destination, and there could also be limited information disclosure impacts. Furthermore, modifying the destination SMTP server for the reports could lead to the compromise of external credentials, as they might be sent to an unauthorized server. This could expand the scope of the attack.

Action-Not Available
Vendor-nozominetworksNozomi Networks
Product-cmcguardianGuardianCMC
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-26145
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 31.29%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 17:19
Updated-05 Feb, 2025 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uninvited user is able to join and mark the attendance of the the private event

Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a workaround, one may use post visibility to limit access.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-calendardiscourse-calendar
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-23451
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-4.4||MEDIUM
EPSS-0.43% / 34.94%
||
7 Day CHG~0.00%
Published-27 Mar, 2024 | 18:03
Updated-04 Feb, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elasticsearch Incorrect Authorization in the Remote Cluster Security API key based security model

Incorrect Authorization issue exists in the API key based security model for Remote Cluster Security, which is currently in Beta, in Elasticsearch 8.10.0 and before 8.13.0. This allows a malicious user with a valid API key for a remote cluster configured to use the new Remote Cluster Security to read arbitrary documents from any index on the remote cluster, and only if they use the Elasticsearch custom transport protocol to issue requests with the target index ID, the shard ID and the document ID. None of Elasticsearch REST API endpoints are affected by this issue.

Action-Not Available
Vendor-Elasticsearch BV
Product-elasticsearchElasticsearch
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-57951
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.25% / 15.80%
||
7 Day CHG~0.00%
Published-29 Jun, 2026 | 17:20
Updated-01 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server.

Action-Not Available
Vendor-its-a-featureits-a-feature
Product-mythicMythic
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-53577
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.65%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 20:52
Updated-01 Jul, 2026 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control bypass that allows any authenticated user to read output files from any other execution within the same tenant, bypassing execution-level and namespace-level isolation. This vulnerability is fixed in 1.0.45 and 1.3.21.

Action-Not Available
Vendor-kestrakestra-io
Product-kestrakestra
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-54324
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 19.23%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 18:07
Updated-25 Jun, 2026 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. This vulnerability is fixed in 0.185.0.

Action-Not Available
Vendor-daytonaio
Product-daytona
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-1639
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 31.39%
||
7 Day CHG~0.00%
Published-21 Jun, 2024 | 02:05
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.6. This makes it possible for authenticated attackers, with admin dashboard access (contributors by default due to WooCommerce) to view arbitrary decrypted license keys. The functions contain a referrer nonce check. However, these can be retrieved via the dashboard through the "license" JS variable. Please note that the version in trunk is patched, however, the 3.0.7 tagged version is not.

Action-Not Available
Vendor-wpexpertssaadiqbal
Product-license_manager_for_woocommerceLicense Manager for WooCommerce
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-46362
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.30% / 22.06%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 18:36
Updated-28 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check

phpMyFAQ before 4.1.2 contains an authorization bypass vulnerability in AbstractAdministrationController::userHasPermission() that fails to terminate execution after sending a forbidden response. Attackers can access all permission-protected admin pages by requesting their URLs as authenticated users, exposing admin logs, user data, system information, and application configuration.

Action-Not Available
Vendor-Thorsten Rinne (phpMyFAQ)
Product-phpmyfaq
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-45042
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 10.86%
||
7 Day CHG~0.00%
Published-28 May, 2026 | 18:32
Updated-29 May, 2026 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RustFS: UploadPartCopy Does Not Enforce Destination Bucket Policy on Copy Source

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing destination bucket restrictions on allowed copy sources. The implementation validates GetObject permission on the source bucket and PutObject on the destination bucket independently, but does not enforce any policy constraints on whether the destination bucket permits the specified copy source. This enables unauthorized cross-bucket data movement. This vulnerability is fixed in 1.0.0-beta.2.

Action-Not Available
Vendor-rustfs
Product-rustfs
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-45081
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 10.07%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 17:18
Updated-01 Jun, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe HR: Permission Bypass in HRMS Leave Details API

Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This vulnerability is fixed in 16.5.0.

Action-Not Available
Vendor-frappe
Product-hrms
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-44735
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.57%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 19:32
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenProject: Shares API Information Disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the view_shared_work_packages permission. The authorization check operates at the project level only — it does not verify the requesting user can actually view each individual shared work package. This allows a regular project member to discover work package IDs and subjects (including confidential titles), which users have been granted shared access, what role level was assigned (Editor, Commenter, Viewer). This vulnerability is fixed in 17.3.2 and 17.4.0.

Action-Not Available
Vendor-opf
Product-openproject
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42610
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.74%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 15:19
Updated-12 May, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grav: Sensitive Information Disclosure via Accounts Service Bypass

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox restrictions by utilizing the grav['accounts'] service. Attacker can programmatically load administrative user objects and extract sensitive data, including Bcrypt password hashes and the security salt. This vulnerability is fixed in 2.0.0-beta.2.

Action-Not Available
Vendor-getgravgetgrav
Product-gravgrav
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42357
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 08:56
Updated-17 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache DolphinScheduler: Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access.

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dolphinschedulerApache DolphinScheduler
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42572
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 7.87%
||
7 Day CHG~0.00%
Published-14 May, 2026 | 16:58
Updated-27 May, 2026 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any tenant on the same Hatchet instance could query the endpoint with another tenant's UUID and a DAG UUID belonging to that tenant, and receive task metadata for that DAG. This vulnerability is fixed in 0.83.39.

Action-Not Available
Vendor-hatchethatchet-dev
Product-hatchethatchet
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-12539
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-6||MEDIUM
EPSS-0.39% / 31.23%
||
7 Day CHG~0.00%
Published-17 Dec, 2024 | 20:50
Updated-04 Feb, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Elasticsearch Incorrect Authorization

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

Action-Not Available
Vendor-Elasticsearch BV
Product-elasticsearchElasticsearch
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42883
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 10.57%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 19:51
Updated-19 May, 2026 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Audiobookshelf: Cross-library file exfiltration via unscoped bulk download endpoint

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in the URL path, but fetches downloadable items solely by attacker-provided IDs without constraining them to that library. An authenticated user with download permission and access to any one library can exfiltrate the full file contents of items belonging to any other library, including libraries they are explicitly denied access to. This vulnerability is fixed in 2.32.2.

Action-Not Available
Vendor-advplyr
Product-audiobookshelf
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42137
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.30% / 22.11%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 03:38
Updated-18 May, 2026 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog

Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. This issue has been patched in versions 4.9.0 and 5.4.0.

Action-Not Available
Vendor-getkirbygetkirby
Product-kirbykirby
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-39966
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 16.93%
||
7 Day CHG~0.00%
Published-22 May, 2026 | 18:12
Updated-22 May, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions

TypeBot is a chatbot builder tool. In versions 3.15.2, the getLinkedTypebots API endpoint returns full bot definitions to any authenticated user who references a target bot ID in a Typebot Link block, regardless of workspace ownership, leading to IDOR. The authorization check uses Array.filter() with an async callback — since filter() is synchronous, the callback always returns a truthy Promise, so the access control predicate is never actually evaluated. Any authenticated Typebot user can read the full definition of any other workspace's private bots, including: all conversation blocks and logic flow, variable values embedded in the bot (credentials, API keys, PII), webhook URLs and integration configurations. This issue has been fixed in version 3.16.0.

Action-Not Available
Vendor-baptisteArno
Product-typebot.io
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-35657
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.23% / 14.04%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 16:03
Updated-23 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33469
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 15.69%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 17:05
Updated-31 Mar, 2026 | 13:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through `/api/config/raw`. This exposes sensitive values that are intentionally redacted from `/api/config`, including camera credentials, go2rtc stream credentials, MQTT passwords, proxy secrets, and any other secrets stored in `config.yml`. This appears to be a broken access control issue introduced by the admin-by-default API refactor: `/api/config/raw_paths` is admin-only, but `/api/config/raw` is still accessible to any authenticated user. Version 0.17.1 contains a patch.

Action-Not Available
Vendor-frigateblakeblackshear
Product-frigatefrigate
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33676
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 24.87%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 15:35
Updated-27 Mar, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.1, when the Vikunja API returns tasks, it populates the `related_tasks` field with full task objects for all related tasks without checking whether the requesting user has read permission on those tasks' projects. An authenticated user who can read a task that has cross-project relations will receive full details (title, description, due dates, priority, percent completion, project ID, etc.) of tasks in projects they have no access to. Version 2.2.1 patches the issue.

Action-Not Available
Vendor-vikunjago-vikunja
Product-vikunjavikunja
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32761
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.42% / 34.13%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 23:45
Updated-23 Mar, 2026 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Browser has an Authorization Policy Bypass in its Public Share Download Flow

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share privileges (perm.share = true) to exfiltrate file content by creating public share links. While the direct raw download endpoint (/api/raw/) correctly enforces the download permission, the share creation endpoint only checks Perm.Share, and the public download handler (/api/public/dl/<hash>) serves file content without verifying that the original file owner has download permission. This means any authenticated user with share access can circumvent download restrictions by sharing a file and then retrieving it via the unauthenticated public download URL. The vulnerability undermines data-loss prevention and role-separation policies, as restricted users can publicly distribute files they are explicitly blocked from downloading directly. This issue has been fixed in version 2.62.0.

Action-Not Available
Vendor-filebrowserfilebrowser
Product-filebrowserfilebrowser
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33343
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||NONE
EPSS-0.21% / 11.30%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 13:23
Updated-26 Mar, 2026 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
etcd: Nested etcd transactions bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use nested transactions to bypass all key-level authorization. This allows any authenticated user with direct access to etcd to effectively ignore all key range restrictions, accessing the entire etcd data store. Kubernetes does not rely on etcd’s built-in authentication and authorization. Instead, the API server handles authentication and authorization itself, so typical Kubernetes deployments are not affected. Versions 3.4.42, 3.5.28, and 3.6.9 contain a patch. If upgrading is not immediately possible, reduce exposure by treating the affected RPCs as unauthenticated in practice. Restrict network access to etcd server ports so only trusted components can connect and require strong client identity at the transport layer, such as mTLS with tightly scoped client certificate distribution.

Action-Not Available
Vendor-etcdetcd-io
Product-etcdetcd
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33421
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.40% / 31.64%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 18:14
Updated-25 Mar, 2026 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Parse Server: LiveQuery bypasses CLP pointer permission enforcement

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions (readUserFields and pointerFields). Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions, regardless of whether the pointer fields on those objects point to the subscribing user. This bypasses the intended read access control, allowing unauthorized access to potentially sensitive data that is correctly restricted via the REST API. This issue has been patched in versions 8.6.53 and 9.6.0-alpha.42.

Action-Not Available
Vendor-parseplatformparse-community
Product-parse-serverparse-server
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33428
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.27% / 19.22%
||
7 Day CHG~0.00%
Published-20 Mar, 2026 | 23:21
Updated-25 Mar, 2026 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a non-staff user with elevated group membership could access deleted posts belonging to any user due to an overly broad authorization check on the deleted posts index endpoint. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32027
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.24% / 14.72%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 22:07
Updated-23 Jun, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist

OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM pairing to satisfy group sender allowlist checks without explicit presence in groupAllowFrom, bypassing group message access controls.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32102
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.43% / 34.64%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 20:05
Updated-17 Mar, 2026 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OliveTin Unauthorized Action Output Disclosure via EventStream

OliveTin gives access to predefined shell commands from a web interface. In 3000.10.2 and earlier, OliveTin’s live EventStream broadcasts execution events and action output to authenticated dashboard subscribers without enforcing per-action authorization. A low-privileged authenticated user can receive output from actions they are not allowed to view, resulting in broken access control and sensitive information disclosure.

Action-Not Available
Vendor-olivetinOliveTin
Product-olivetinOliveTin
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32123
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.7||HIGH
EPSS-0.25% / 16.50%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 20:49
Updated-13 Mar, 2026 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEMR: Therapy Group Sensitivity ACL No Longer Enforced

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, sensitivity checks for group encounters are broken because the code only consults form_encounter for sensitivity, while group encounters store sensitivity in form_groups_encounter. As a result, sensitivity is never correctly applied to group encounters, and users who should be restricted from viewing sensitive (e.g. mental health) encounters can view them. This vulnerability is fixed in 8.0.0.1.

Action-Not Available
Vendor-OpenEMR Foundation, Inc
Product-openemropenemr
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32108
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.27% / 19.22%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 20:14
Updated-13 Mar, 2026 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copyparty ftp/sftp: Sharing a single file did not fully restrict source-folder access

Copyparty is a portable file server. Prior to 1.20.12, there was a missing permission-check in the shares feature (the shr global-option). This vulnerability only applies when the shares feature is used for the specific purpose of creating a share of just a single file inside a folder or either the FTP or SFTP server is enabled, and also made publicly accessible. Given these conditions, when a user is browsing a share through either FTP or SFTP (not http or https), they can gain read-access to the remaining files inside the shared folder by guessing/bruteforcing the filenames. It was not possible to descend into subdirectories in this manner; only the sibling files were accessible. This vulnerability is similar to CVE-2025-58753 which was previously fixed for HTTP and HTTPS, but not for FTP. The FTPS server did not yet exist at that time. This vulnerability is fixed in 1.20.12.

Action-Not Available
Vendor-90019001
Product-copypartycopyparty
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-43889
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.44%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 21:10
Updated-12 May, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorizes publication using an OR policy (can share collection OR can share document), so an attacker who holds share permission on one unrelated collection can publish a share that exposes an arbitrary document they cannot legitimately share, making it publicly accessible to unauthenticated users. This vulnerability is fixed in 1.7.0.

Action-Not Available
Vendor-outline
Product-outline
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28282
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.3||LOW
EPSS-0.33% / 25.08%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:45
Updated-23 Mar, 2026 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a security flaw in the discourse-policy plugin which allowed a user with policy creation permission to gain membership access to any private/restricted groups. Once membership to a private/restricted group has been obtained, the user will be able to read private topics that only the group has access to. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. As a workaround, review all policies for the use of `add-users-to-group` and temporarily remove the attribute from the policy. Alternatively, disable the discourse-policy plugin by disabling the `policy_enabled` site setting.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-10379
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-2.30% / 81.18%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-n/aMariaDB FoundationOracle CorporationRed Hat, Inc.Debian GNU/LinuxNetApp, Inc.
Product-debian_linuxmariadbenterprise_linux_server_tusenterprise_linux_desktoponcommand_performance_manageroncommand_balanceenterprise_linux_server_ausoncommand_insightoncommand_unified_manageropenstackactive_iq_unified_manageroncommand_workflow_automationenterprise_linux_serverenterprise_linux_workstationmysqlenterprise_linux_eussnapcentern/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2016-6353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.75% / 50.45%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 13:48
Updated-06 Aug, 2024 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.

Action-Not Available
Vendor-clouderan/a
Product-cdhn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-13277
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.3||MEDIUM
EPSS-1.85% / 76.48%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 17:20
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-5149
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 14.80%
||
7 Day CHG~0.00%
Published-16 Jun, 2026 | 05:33
Updated-16 Jun, 2026 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter

The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission data. This makes it possible for authenticated attackers, with Contributor-level access and above, to view arbitrary form submissions from other users by iterating the entries_id parameter.

Action-Not Available
Vendor-rometheme
Product-RTMKit
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-47090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.66% / 47.16%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.

Action-Not Available
Vendor-n/aThe Linux Foundation
Product-nats-servern/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-23513
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.28% / 19.97%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 20:11
Updated-26 Jun, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FOSSBilling: Broken Authorization in Client Transaction and Order Listings

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery() and Order\Service::getSearchQuery(), OR-based search/action filters were appended without grouping, allowing SQL operator precedence to evaluate OR clauses independently of the enforced client_id constraint. Crafted requests could therefore return records and metadata belonging to other clients, including identifiers, amounts, status, timestamps, and related fields. This issue was fixed in version 0.8.0.

Action-Not Available
Vendor-FOSSBilling
Product-FOSSBilling
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-48860
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
ShareView Details
Matching Score-4
Assigner-6b3ad84c-e1a6-4bf7-a703-f496b71e49db
CVSS Score-7.5||HIGH
EPSS-0.19% / 9.33%
||
7 Day CHG~0.00%
Published-10 Jun, 2026 | 14:35
Updated-15 Jun, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead of inet:peername/1 to obtain the peer's IP address. Because inet:sockname/1 returns the local socket address, both the local IP and the supposed peer IP resolve to the same value, causing the subnet mask comparison to always succeed regardless of the actual remote address. Any holder of a CA-signed TLS certificate can therefore bypass the LAN restriction and gain full Erlang distribution access to the node, including rpc:call/4 and code:load_binary/3. This vulnerability is associated with program file lib/ssl/src/inet_tls_dist.erl. This issue affects OTP from OTP 26.0 before 29.0.2, 28.5.0.2 and 27.3.4.13 corresponding to ssl from 11.0 before 11.7.2, 11.6.0.2 and 11.2.12.9.

Action-Not Available
Vendor-erlangErlang
Product-erlang\/otperlang\/sslOTP
CWE ID-CWE-1025
Comparison Using Wrong Factors
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-28715
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.89%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 23:52
Updated-12 Mar, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.

Action-Not Available
Vendor-Linux Kernel Organization, IncAcronis (Acronis International GmbH)Microsoft Corporation
Product-windowscyber_protectlinux_kernelAcronis Cyber Protect 17
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-44765
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.65% / 46.73%
||
7 Day CHG~0.00%
Published-08 Nov, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.

Action-Not Available
Vendor-n/amgt-commerce
Product-n/acloudpanel
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-39154
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-0.48% / 38.13%
||
7 Day CHG~0.00%
Published-26 Jul, 2023 | 13:54
Updated-23 Oct, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Action-Not Available
Vendor-Jenkins
Product-qualys_web_app_scanning_connectorJenkins Qualys Web App Scanning Connector Plugin
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-25127
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7||HIGH
EPSS-0.26% / 17.82%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 01:53
Updated-25 Feb, 2026 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEMR has Broken Access Control on Care Coordination Module

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.

Action-Not Available
Vendor-OpenEMR Foundation, Inc
Product-openemropenemr
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42220
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 21.62%
||
7 Day CHG~0.00%
Published-04 May, 2026 | 20:08
Updated-06 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired() through the X-Node-Secret header (or node_secret query parameter), causing the request to be treated as authenticated via the trusted-node path and associated with the init user. This issue has been patched in version 2.3.8.

Action-Not Available
Vendor-Nginx UI (0xJacky)
Product-nginx_uinginx-ui
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found