ReportizFlow
Filtered by vendor
Subscriptions
Total
4452 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20912 | 1 Gitea | 1 Gitea | 2026-01-24 | 9.1 Critical |
| Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users. | ||||
| CVE-2026-20904 | 1 Gitea | 1 Gitea | 2026-01-24 | 6.5 Medium |
| Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities. | ||||
| CVE-2026-20897 | 1 Gitea | 1 Gitea | 2026-01-24 | 9.1 Critical |
| Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories. | ||||
| CVE-2026-20888 | 1 Gitea | 1 Gitea | 2026-01-24 | 4.3 Medium |
| Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users. | ||||
| CVE-2026-20883 | 1 Gitea | 1 Gitea | 2026-01-24 | 6.5 Medium |
| Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches. | ||||
| CVE-2026-20750 | 1 Gitea | 1 Gitea | 2026-01-24 | 9.1 Critical |
| Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization. | ||||
| CVE-2026-20736 | 1 Gitea | 1 Gitea | 2026-01-24 | 7.5 High |
| Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access. | ||||
| CVE-2025-69907 | 2026-01-24 | 7.5 High | ||
| An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal configuration information, including cabinet names and database-related metadata. This allows unauthorized enumeration of backend deployment details and may facilitate further targeted attacks. | ||||
| CVE-2026-24306 | 1 Microsoft | 1 Azure Front Door | 2026-01-24 | 9.8 Critical |
| Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-24304 | 1 Microsoft | 1 Azure Resource Manager | 2026-01-24 | 9.9 Critical |
| Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20949 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-01-24 | 7.8 High |
| Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-20929 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-24 | 7.5 High |
| Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20843 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-01-24 | 7.8 High |
| Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-20839 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-01-24 | 5.5 Medium |
| Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-20825 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-01-24 | 4.4 Medium |
| Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-0386 | 1 Microsoft | 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more | 2026-01-24 | 7.5 High |
| Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2025-70986 | 2026-01-23 | 7.5 High | ||
| Incorrect access control in the selectDept function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily access sensitive department data. | ||||
| CVE-2025-70985 | 2026-01-23 | 9.1 Critical | ||
| Incorrect access control in the update function of RuoYi v4.8.2 allows unauthorized attackers to arbitrarily modify data outside of their scope. | ||||
| CVE-2025-70983 | 2026-01-23 | 9.9 Critical | ||
| Incorrect access control in the authRoutes function of SpringBlade v4.5.0 allows attackers with low-level privileges to escalate privileges. | ||||
| CVE-2025-52963 | 2 Juniper, Juniper Networks | 2 Junos, Junos Os | 2026-01-23 | 5.5 Medium |
| An Improper Access Control vulnerability in the User Interface (UI) of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading to a Denial-of-Service. Users with "view" permissions can run a specific request interface command which allows the user to shut down the interface. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2. | ||||