Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: cwe-863 Clear
ID Title
CVE-2026-44838 Authorization Flaw in rabbitmq (CVE-2026-44838)
vulnerability in rabbitmq (CVE-2026-44838). Confidential information can be exposed externally. Mitigation: upgrade to `4.2.4` or later.
CVE-2026-42280 Authorization Flaw in auth0-js (CVE-2026-42280)
vulnerability in auth0-js (CVE-2026-42280). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.0` or later.
CVE-2024-47272 Authorization Flaw in synology (CVE-2024-47272)
vulnerability in synology (CVE-2024-47272). Risk of unauthorized operations or information disclosure.
CVE-2026-9603 Vulnerability in CVE-2026-9603 (CVE-2026-9603)
vulnerability in CVE-2026-9603 (CVE-2026-9603). Risk of unauthorized operations or information disclosure.
CVE-2026-3660 Authorization Flaw in ibm (CVE-2026-3660)
vulnerability in ibm (CVE-2026-3660). Successful exploitation can lead to full system takeover.
CVE-2026-44314 Authorization Flaw in traccar (CVE-2026-44314)
vulnerability in traccar (CVE-2026-44314). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.13.0` or later.
CVE-2026-8046 Authorization Flaw in CVE-2026-8046 (CVE-2026-8046)
vulnerability in CVE-2026-8046 (CVE-2026-8046). Data can be tampered with by attackers.
CVE-2026-9350 Vulnerability in CVE-2026-9350 (CVE-2026-9350)
vulnerability in CVE-2026-9350 (CVE-2026-9350). Risk of unauthorized operations or information disclosure.
CVE-2018-25353 Authorization Flaw in CVE-2018-25353 (CVE-2018-25353)
vulnerability in CVE-2018-25353 (CVE-2018-25353). Successful exploitation can lead to full system takeover.
CVE-2026-6406 Authorization Flaw in docker (CVE-2026-6406)
vulnerability in docker (CVE-2026-6406). Successful exploitation can lead to full system takeover.
CVE-2026-47120 Vulnerability in github.com/nezhahq/nezha (CVE-2026-47120)
vulnerability in github.com/nezhahq/nezha (CVE-2026-47120). Data can be tampered with by attackers. Exploitable via `POST /api/v1/alert-rule`. Mitigation: upgrade to `1.14.15-0.20260517022419-d7526351cf97` or later.
CVE-2026-46717 Authorization Flaw in github.com/nezhahq/nezha (CVE-2026-46717)
vulnerability in github.com/nezhahq/nezha (CVE-2026-46717). Confidential information can be exposed externally. Exploitable via `POST /api/v1/notification`. Mitigation: upgrade to `1.14.15-0.20260517022419-d06d539d34c1` or later.
CVE-2026-46595 Vulnerability in golang.org/x/crypto (CVE-2026-46595)
vulnerability in golang.org/x/crypto (CVE-2026-46595). Confidential information can be exposed externally. Mitigation: upgrade to `0.52.0` or later.
CVE-2026-8350 Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-47102 Authorization Flaw in litellm (CVE-2026-47102)
vulnerability in litellm (CVE-2026-47102). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.10` or later.
CVE-2026-47101 Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.
CVE-2026-46549 Authorization Flaw in nocodb (CVE-2026-46549)
vulnerability in nocodb (CVE-2026-46549). Risk of unauthorized operations or information disclosure. Exploitable via ``oauth_scope``.
CVE-2026-46519 Authorization Flaw in mcp-server-kubernetes (CVE-2026-46519)
vulnerability in mcp-server-kubernetes (CVE-2026-46519). Successful exploitation can lead to full system takeover. Exploitable via ``ALLOW_ONLY_READONLY_TOOLS``. Mitigation: upgrade to `3.6.0` or later.
CVE-2026-4055 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-4055)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-4055). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260320113102-f2b3d1c6a945` or later.
CVE-2026-20238 Authorization Flaw in splunk (CVE-2026-20238)
vulnerability in splunk (CVE-2026-20238). Confidential information can be exposed externally. Exploitable via ``srchFilter``.
CVE-2026-56268 Authorization Flaw in flowise (CVE-2026-56268)
vulnerability in flowise (CVE-2026-56268). Confidential information can be exposed externally. Exploitable via ``keyonly``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-34600 Information Disclosure in CVE-2026-34600 (CVE-2026-34600)
vulnerability in CVE-2026-34600 (CVE-2026-34600). Confidential information can be exposed externally.
CVE-2026-42526 Authorization Flaw in apache-airflow-providers-amazon (CVE-2026-42526)
vulnerability in apache-airflow-providers-amazon (CVE-2026-42526). Confidential information can be exposed externally. Exploitable via ``conn_id``. Mitigation: upgrade to `9.28.0` or later.
CVE-2026-41470 Authorization Flaw in CVE-2026-41470 (CVE-2026-41470)
vulnerability in CVE-2026-41470 (CVE-2026-41470). Risk of unauthorized operations or information disclosure.
CVE-2026-45692 Vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692)
vulnerability in github.com/caddyserver/caddy/v2 (CVE-2026-45692). Risk of unauthorized operations or information disclosure. Exploitable via `GET /config/apps/http/servers/srv/routes/0`. Mitigation: upgrade to `2.11.3` or later.
CVE-2026-42096 Authorization Flaw in sparxsystems (CVE-2026-42096)
vulnerability in sparxsystems (CVE-2026-42096). Successful exploitation can lead to full system takeover.
CVE-2026-21789 Authorization Flaw in CVE-2026-21789 (CVE-2026-21789)
vulnerability in CVE-2026-21789 (CVE-2026-21789). Risk of unauthorized operations or information disclosure.
CVE-2026-45718 Authorization Flaw in budibase (CVE-2026-45718)
vulnerability in budibase (CVE-2026-45718). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/tables/`. Mitigation: upgrade to `3.38.1` or later.
CVE-2026-4286 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-4286)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-4286). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.11.14` or later.
CVE-2026-28732 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-28732)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-28732). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260306123948-f5fe8ded6b63` or later.
CVE-2026-6342 Authorization Flaw in mattermost (CVE-2026-6342)
vulnerability in mattermost (CVE-2026-6342). Risk of unauthorized operations or information disclosure.
CVE-2026-6341 Authorization Flaw in mattermost (CVE-2026-6341)
vulnerability in mattermost (CVE-2026-6341). Risk of unauthorized operations or information disclosure.
CVE-2026-6343 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-6343)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-6343). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.11.14` or later.
CVE-2026-28759 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-28759)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-28759). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260216150504-8738f8c4b3d4` or later.
CVE-2026-4273 Authorization Flaw in github.com/mattermost/mattermost/server/v8 (CVE-2026-4273)
vulnerability in github.com/mattermost/mattermost/server/v8 (CVE-2026-4273). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.0-20260313190740-742e0be95074` or later.
CVE-2026-46362 Authorization Flaw in thorsten/phpmyfaq (CVE-2026-46362)
vulnerability in thorsten/phpmyfaq (CVE-2026-46362). Confidential information can be exposed externally. Exploitable via ``ForbiddenException``. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-46366 phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
CVE-2026-45009 Authorization Flaw in phpMyFAQ/phpMyFAQ (CVE-2026-45009)
vulnerability in phpMyFAQ/phpMyFAQ (CVE-2026-45009). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.1.2` or later.
CVE-2026-45672 Authorization Flaw in open-webui (CVE-2026-45672)
vulnerability in open-webui (CVE-2026-45672). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.8.12` or later.
CVE-2026-45339 Authorization Flaw in open-webu (CVE-2026-45339)
vulnerability in open-webu (CVE-2026-45339). Confidential information can be exposed externally. Exploitable via `Authorization header`. Mitigation: upgrade to `0.9.0` or later.
CVE-2026-45316 Authorization Flaw in open-webui (CVE-2026-45316)
vulnerability in open-webui (CVE-2026-45316). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/v1/notes/{id}/pin`. Mitigation: upgrade to `0.9.3` or later.
CVE-2026-44633 Authorization Flaw in CVE-2026-44633 (CVE-2026-44633)
vulnerability in CVE-2026-44633 (CVE-2026-44633). Confidential information can be exposed externally.
CVE-2025-15023 Authorization Flaw in CVE-2025-15023 (CVE-2025-15023)
vulnerability in CVE-2025-15023 (CVE-2025-15023). Successful exploitation can lead to full system takeover.
CVE-2026-41888 Authorization Flaw in github.com/distribution/distribution/v3 (CVE-2026-41888)
vulnerability in github.com/distribution/distribution/v3 (CVE-2026-41888). Risk of unauthorized operations or information disclosure. Exploitable via `DELETE /v2/`. Mitigation: upgrade to `3.1.1` or later.
CVE-2026-42572 Vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572)
vulnerability in github.com/hatchet-dev/hatchet (CVE-2026-42572). Confidential information can be exposed externally. Exploitable via `GET /api/v1/stable/dags/tasks`. Mitigation: upgrade to `0.83.39` or later.
CVE-2026-44882 Authorization Flaw in github.com/portainer/portainer (CVE-2026-44882)
vulnerability in github.com/portainer/portainer (CVE-2026-44882). Confidential information can be exposed externally. Exploitable via ``kubeClientMiddleware``. Mitigation: upgrade to `2.33.8` or later.
CVE-2026-44850 Authorization Flaw in github.com/portainer/portainer (CVE-2026-44850)
vulnerability in github.com/portainer/portainer (CVE-2026-44850). Confidential information can be exposed externally. Exploitable via `POST /containers/create`. Mitigation: upgrade to `2.41.0` or later.
CVE-2026-44374 Authorization Flaw in @backstage/plugin-catalog-unprocessed-entities-common (CVE-2026-44374)
vulnerability in @backstage/plugin-catalog-unprocessed-entities-common (CVE-2026-44374). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.0.15` or later.
CVE-2026-32991 Authorization Flaw in CVE-2026-32991 (CVE-2026-32991)
vulnerability in CVE-2026-32991 (CVE-2026-32991). Data can be tampered with by attackers.
CVE-2026-44380 Authorization Flaw in misp (CVE-2026-44380)
vulnerability in misp (CVE-2026-44380). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2.5.37` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →