Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-33377

Summary
Assigner-GRAFANA
Assigner Org ID-57da9224-a3e2-4646-9d0e-c4dc2e05e7da
Published At-13 May, 2026 | 19:28
Updated At-22 Jun, 2026 | 16:31
Rejected At-
Credits

Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GRAFANA
Assigner Org ID:57da9224-a3e2-4646-9d0e-c4dc2e05e7da
Published At:13 May, 2026 | 19:28
Updated At:22 Jun, 2026 | 16:31
Rejected At:
▼CVE Numbering Authority (CNA)
Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.

Affected Products
Vendor
Grafana LabsGrafana
Product
Grafana OSS
Default Status
unaffected
Versions
Affected
  • From 8.5.0 through 11.6.14 (semver)
  • From 11.6.14 before 11.6.14+security-04 (custom)
  • From 12.0.0 through 12.2.8 (semver)
  • From 12.2.8 before 12.2.8+security-04 (custom)
  • From 12.3.0 through 12.3.6 (semver)
  • From 12.3.6 before 12.3.6+security-04 (custom)
  • From 12.4.0 through 12.4.3 (semver)
  • From 12.4.3 before 12.4.3+security-02 (custom)
  • From 13.0.0 through 13.0.1 (semver)
  • From 13.0.1 before 13.0.1+security-01 (custom)
Metrics
VersionBase scoreBase severityVector
3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://grafana.com/security/security-advisories/cve-2026-33377
vendor-advisory
Hyperlink: https://grafana.com/security/security-advisories/cve-2026-33377
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284 Improper Access Control
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@grafana.com
Published At:13 May, 2026 | 20:16
Updated At:02 Jun, 2026 | 19:28

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CPE Matches

Grafana Labs
grafana
>>grafana>>Versions from 8.5.0(inclusive) to 11.6.14(exclusive)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>Versions from 12.2.0(inclusive) to 12.2.8(exclusive)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>Versions from 12.3.0(inclusive) to 12.3.6(exclusive)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>Versions from 12.4.0(inclusive) to 12.4.3(exclusive)
cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>11.6.14
cpe:2.3:a:grafana:grafana:11.6.14:-:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>11.6.14
cpe:2.3:a:grafana:grafana:11.6.14:security01:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>12.2.8
cpe:2.3:a:grafana:grafana:12.2.8:-:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>12.2.8
cpe:2.3:a:grafana:grafana:12.2.8:security01:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>12.3.6
cpe:2.3:a:grafana:grafana:12.3.6:-:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>12.3.6
cpe:2.3:a:grafana:grafana:12.3.6:security01:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>12.4.3
cpe:2.3:a:grafana:grafana:12.4.3:-:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>13.0.0
cpe:2.3:a:grafana:grafana:13.0.0:*:*:*:*:*:*:*
Grafana Labs
grafana
>>grafana>>13.0.1
cpe:2.3:a:grafana:grafana:13.0.1:-:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Primarynvd@nist.gov
CWE-284Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-287
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-284
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://grafana.com/security/security-advisories/cve-2026-33377security@grafana.com
Vendor Advisory
Hyperlink: https://grafana.com/security/security-advisories/cve-2026-33377
Source: security@grafana.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

24Records found

CVE-2026-33381
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-5.9||MEDIUM
EPSS-0.24% / 15.59%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 19:28
Updated-22 Jun, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Users can generate Service Account tokens after permissions removal

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this.

Action-Not Available
Vendor-Grafana Labs
Product-grafanaGrafana OSS
CWE ID-CWE-284
Improper Access Control
CVE-2026-28381
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-9.6||CRITICAL
EPSS-0.21% / 10.57%
||
7 Day CHG~0.00%
Published-22 Jun, 2026 | 13:20
Updated-30 Jun, 2026 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local File Read/Write to Potential Privilege Escalation via Snowflake GET/PUT

The Snowflake datasource allows for GET/PUT commands, which can allow any user with access to run queries against the data source to read/write files between the local grafana server and the connected Snowflake host.

Action-Not Available
Vendor-Grafana Labs
Product-snowflakeSnowflake Datasource
CWE ID-CWE-284
Improper Access Control
CVE-2022-44643
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.47% / 37.54%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 01:21
Updated-15 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Access policy with access to all tenants and using label selectors has more access

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.Grafana Labs
Product-amd64enterprise_metricsn/a
CWE ID-CWE-284
Improper Access Control
CVE-2025-3580
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 29.77%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 13:44
Updated-17 Jul, 2025 | 10:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint. The vulnerability can be exploited when: 1. An Organization administrator exists 2. The Server administrator is either: - Not part of any organization, or - Part of the same organization as the Organization administrator Impact: - Organization administrators can permanently delete Server administrator accounts - If the only Server administrator is deleted, the Grafana instance becomes unmanageable - No super-user permissions remain in the system - Affects all users, organizations, and teams managed in the instance The vulnerability is particularly serious as it can lead to a complete loss of administrative control over the Grafana instance.

Action-Not Available
Vendor-Grafana Labs
Product-Grafana
CWE ID-CWE-284
Improper Access Control
CVE-2026-28374
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 9.79%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 19:28
Updated-22 Jun, 2026 | 16:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Annotations API allows unprivileged users to DELETE annotation

Editors could delete any annotation, even those they do not have read access to. The editor user cannot create or read the annotations.

Action-Not Available
Vendor-Grafana Labs
Product-grafanaGrafana OSS
CWE ID-CWE-284
Improper Access Control
CVE-2023-2183
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-4.1||MEDIUM
EPSS-1.03% / 59.42%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 18:04
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access to this function. This might enable malicious users to abuse the functionality by sending multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server. Users may upgrade to version 9.5.3, 9.4.12, 9.3.15, 9.2.19 and 8.5.26 to receive a fix.

Action-Not Available
Vendor-Grafana Labs
Product-grafanaGrafana EnterpriseGrafana
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2022-39229
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.82% / 52.76%
||
7 Day CHG~0.00%
Published-13 Oct, 2022 | 00:00
Updated-23 Apr, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grafana users with email as a username can block other users from signing in

Grafana is an open source data visualization platform for metrics, logs, and traces. Versions prior to 9.1.8 and 8.5.14 allow one user to block another user's login attempt by registering someone else'e email address as a username. A Grafana user’s username and email address are unique fields, that means no other user can have the same username or email address as another user. A user can have an email address as a username. However, the login system allows users to log in with either username or email address. Since Grafana allows a user to log in with either their username or email address, this creates an usual behavior where `user_1` can register with one email address and `user_2` can register their username as `user_1`’s email address. This prevents `user_1` logging into the application since `user_1`'s password won’t match with `user_2`'s email address. Versions 9.1.8 and 8.5.14 contain a patch. There are no workarounds for this issue.

Action-Not Available
Vendor-Grafana Labs
Product-grafanagrafana
CWE ID-CWE-287
Improper Authentication
CVE-2022-32276
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.70%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 11:38
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability

Action-Not Available
Vendor-n/aGrafana Labs
Product-grafanan/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-15727
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-64.28% / 99.13%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 15:00
Updated-05 Aug, 2024 | 10:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.

Action-Not Available
Vendor-n/aRed Hat, Inc.Grafana Labs
Product-ceph_storagegrafanan/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-39226
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-99.89% / 99.96%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 17:30
Updated-24 Oct, 2025 | 14:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-15||Apply updates per vendor instructions.
Snapshot authentication bypass in grafana

Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects.

Action-Not Available
Vendor-Fedora ProjectGrafana Labs
Product-fedoragrafanagrafanaGrafana
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-862
Missing Authorization
CVE-2026-56257
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.1||HIGH
EPSS-0.18% / 8.00%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 11:53
Updated-25 Jun, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Authorization Bypass in App Ownership Transfer via Direct PostgREST Update

Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-brain ownership. Attackers can directly update apps.owner_org while leaving app_versions.owner_org unchanged, enabling old-org keys to retain access to version data while new-org keys control the app record.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-284
Improper Access Control
CVE-2026-30926
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.31% / 22.91%
||
7 Day CHG~0.00%
Published-09 Mar, 2026 | 21:07
Updated-13 Mar, 2026 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SiYuan Note publish service authorization bypass allows low-privilege users to modify notebook content

SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleReader) to modify notebook content via the /api/block/appendHeadingChildren API endpoint. The endpoint requires only the model.CheckAuth role, which accepts RoleReader sessions, but it does not enforce stricter checks, such as CheckAdminRole or CheckReadonly. This allows remote authenticated publish users with read-only privileges to append new blocks to existing documents, compromising the integrity of stored notes.

Action-Not Available
Vendor-b3logsiyuan-note
Product-siyuansiyuan
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2022-48615
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.8||MEDIUM
EPSS-0.30% / 21.82%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 07:23
Updated-03 Aug, 2024 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-ar617vwar617vw_firmwareAR6000
CWE ID-CWE-284
Improper Access Control
CVE-2026-29077
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.19% / 9.13%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 20:22
Updated-09 Mar, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe: Broken Access Control in DocShare

Frappe is a full-stack web application framework. Prior to versions 15.98.0 and 14.100.0, due to a lack of validation when sharing documents, a user could share a document with a permission that they themselves didn't have. This issue has been patched in versions 15.98.0 and 14.100.0.

Action-Not Available
Vendor-frappefrappe
Product-frappefrappe
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2026-39411
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.13% / 2.60%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 19:37
Updated-20 Apr, 2026 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected webapi routes. Affected routes include /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui. This vulnerability is fixed in 2.1.48.

Action-Not Available
Vendor-lobehublobehub
Product-lobehublobehub
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-32246
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 18:59
Updated-19 Mar, 2026 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tinyauth vulnerable to TOTP/2FA bypass via OIDC authorize endpoint

Tinyauth is an authentication and authorization server. Prior to 5.0.3, the OIDC authorization endpoint allows users with a TOTP-pending session (password verified, TOTP not yet completed) to obtain authorization codes. An attacker who knows a user's password but not their TOTP secret can obtain valid OIDC tokens, completely bypassing the second factor. This vulnerability is fixed in 5.0.3.

Action-Not Available
Vendor-tinyauthsteveiliop56
Product-tinyauthtinyauth
CWE ID-CWE-287
Improper Authentication
CVE-2021-20593
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-7.1||HIGH
EPSS-0.85% / 53.79%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 13:30
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.20 and prior, AG-150A-J Ver.3.20 and prior, GB-50ADA-A Ver.3.20 and prior, GB-50ADA-J Ver.3.20 and prior, EB-50GU-A Ver 7.09 and prior, EB-50GU-J Ver 7.09 and prior, AE-200A Ver 7.93 and prior, AE-200E Ver 7.93 and prior, AE-50A Ver 7.93 and prior, AE-50E Ver 7.93 and prior, EW-50A Ver 7.93 and prior, EW-50E Ver 7.93 and prior, TE-200A Ver 7.93 and prior, TE-50A Ver 7.93 and prior, TW-50A Ver 7.93 and prior, CMS-RMD-J Ver.1.30 and prior) and Air Conditioning System/Expansion Controllers (PAC-YG50ECA Ver.2.20 and prior) allows a remote authenticated attacker to impersonate administrators to disclose configuration information of the air conditioning system and tamper information (e.g. operation information and configuration of air conditioning system) by exploiting this vulnerability.

Action-Not Available
Vendor-n/aMitsubishi Electric Corporation
Product-ae-200a_firmwareae-50agb-50aae-200ete-200atw-50acms-rmd-j_firmwareg-50aag-150a-j_firmwareae-50epac-yg50ecaeb-50gu-apac-yg50eca_firmwareae-50a_firmwaregb-50ada-aeb-50gu-j_firmwarete-200a_firmwaregb-50a_firmwareew-50e_firmwarete-50a_firmwaretw-50a_firmwareae-200e_firmwareew-50ag-50a_firmwareeb-50gu-jcms-rmd-jag-150a-a_firmwareew-50a_firmwareew-50eeb-50gu-a_firmwaregb-50ada-a_firmwareae-200ate-50aag-150a-jag-150a-agb-50ada-j_firmwareae-50e_firmwaregb-50ada-jAir Conditioning System/Centralized Controllers G-50A; GB-50A; AG-150A-A; AG-150A-J; GB-50ADA-A; GB-50ADA-J; EB-50GU-A; EB-50GU-J; AE-200A; AE-200E; AE-50A; AE-50E; EW-50A; EW-50E; TE-200A; TE-50A; TW-50A; CMS-RMD-J; Air Conditioning System/Expansion Controllers PAC-YG50ECA
CWE ID-CWE-287
Improper Authentication
CVE-2022-36093
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.66% / 47.14%
||
7 Day CHG~0.00%
Published-08 Sep, 2022 | 17:25
Updated-23 Apr, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard

XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2022-33926
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.44% / 35.30%
||
7 Day CHG~0.00%
Published-10 Aug, 2022 | 16:30
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked.

Action-Not Available
Vendor-Dell Inc.
Product-wyse_management_suiteWyse Management Suite
CWE ID-CWE-284
Improper Access Control
CVE-2025-66736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.27% / 18.44%
||
7 Day CHG~0.00%
Published-22 Dec, 2025 | 00:00
Updated-06 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass vulnerability.

Action-Not Available
Vendor-youlain/a
Product-youlai-bootn/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2022-28753
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.46% / 36.53%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:55
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Improper Access Control Vulnerability

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_connectorZoom On-Premise Meeting Connector MMR
CWE ID-CWE-284
Improper Access Control
CVE-2021-28507
Matching Score-4
Assigner-Arista Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Arista Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 47.41%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:04
Updated-17 Sep, 2024 | 04:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

Action-Not Available
Vendor-Arista Networks, Inc.
Product-eosEOS
CWE ID-CWE-284
Improper Access Control
CVE-2022-28754
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.49% / 38.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:55
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Improper Access Control Vulnerability

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_connectorZoom On-Premise Meeting Connector MMR
CWE ID-CWE-284
Improper Access Control
CVE-2024-36989
Matching Score-4
Assigner-Splunk Inc.
ShareView Details
Matching Score-4
Assigner-Splunk Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 19.50%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 16:30
Updated-28 Feb, 2025 | 11:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Low-privileged user could create notifications in Splunk Web Bulletin Messages

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, a low-privileged user that does not hold the admin or power Splunk roles could create notifications in Splunk Web Bulletin Messages that all users on the instance receive.

Action-Not Available
Vendor-Splunk LLC (Cisco Systems, Inc.)
Product-cloudsplunkSplunk Cloud PlatformSplunk Enterprise
CWE ID-CWE-284
Improper Access Control
Details not found