Total: 109 CVEs

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-44198 | 1 Torchbox | 1 Wagtail | 2026-05-12 | N/A | 4.3 MEDIUM |
| Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. | |||||
| CVE-2026-44199 | 1 Torchbox | 1 Wagtail | 2026-05-12 | N/A | 6.5 MEDIUM |
| Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission that deletes submissions on a page they do have access to but specifies submissions they don't have access to. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. | |||||
| CVE-2026-44200 | 1 Torchbox | 1 Wagtail | 2026-05-12 | N/A | 6.5 MEDIUM |
| Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to into an area of the site they do have access to. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. | |||||
| CVE-2026-6805 | 1 Thalesgroup | 1 Ercom Cryptobox | 2026-05-11 | N/A | 7.5 HIGH |
| A vulnerability in the external sharing feature in Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that allows an offline brute-force attack on the access code associated with this sharing link. | |||||
| CVE-2026-20448 | 1 Mediatek | 44 Mt6765, Mt6765 Firmware, Mt6768 and 41 more | 2026-05-07 | N/A | 6.7 MEDIUM |
| In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281. | |||||
| CVE-2026-27910 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-04-23 | N/A | 7.8 HIGH |
| Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-24096 | 1 Checkmk | 1 Checkmk | 2026-04-07 | N/A | 8.8 HIGH |
| Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information. | |||||
| CVE-2026-2123 | 2 Microfocus, Microsoft | 2 Operations Agent, Windows | 2026-04-03 | N/A | 7.8 HIGH |
| A security audit identified a privilege escalation vulnerability in Operations Agent (<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations. Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability. | |||||
| CVE-2026-3190 | 1 Redhat | 1 Build Of Keycloak | 2026-04-02 | N/A | 4.3 MEDIUM |
| A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partially leads to information disclosure. | |||||
