Total
2605 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27153 | 1 Discourse | 1 Discourse | 2026-03-02 | 2.7 Low |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in `can_export_entity?`. The method allowed moderators to export any entity not explicitly blocked instead of restricting to an explicit allowlist. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-2293 | 1 Nest.js | 1 Nest.js | 2026-03-02 | 7.5 High |
| A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13. | ||||
| CVE-2026-27899 | 2 H44z, Wgportal | 2 Wg-portal, Wireguard Portal | 2026-03-02 | 8.8 High |
| WireGuard Portal (or wg-portal) is a web-based configuration portal for WireGuard server management. Prior to version 2.1.3, any authenticated non-admin user can become a full administrator by sending a single PUT request to their own user profile endpoint with `"IsAdmin": true` in the JSON body. After logging out and back in, the session picks up admin privileges from the database. When a user updates their own profile, the server parses the full JSON body into the user model, including the `IsAdmin` boolean field. A function responsible for preserving calculated or protected attributes pins certain fields to their database values (such as base model data, linked peer count, and authentication data), but it does not do this for `IsAdmin`. As a result, whatever value the client sends for `IsAdmin` is written directly to the database. After the exploit, the attacker has full admin access to the WireGuard VPN management portal. The problem was fixed in v2.1.3. The docker images for the tag 'latest' built from the master branch also include the fix. | ||||
| CVE-2024-3331 | 2026-03-02 | 6.8 Medium | ||
| Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0. | ||||
| CVE-2026-25729 | 1 Lintsinghua | 1 Deepaudit | 2026-02-28 | 6.5 Medium |
| DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information. | ||||
| CVE-2026-25963 | 1 Fleetdm | 1 Fleet | 2026-02-27 | 6.5 Medium |
| Fleet is open source device management software. In versions prior to 4.80.1, a broken authorization check in Fleet’s certificate template deletion API could allow a team administrator to delete certificate templates belonging to other teams within the same Fleet instance. Fleet supports certificate templates that are scoped to individual teams. In affected versions, the batch deletion endpoint validated authorization using a user-supplied team identifier but did not verify that the certificate template IDs being deleted actually belonged to that team. As a result, a team administrator could delete certificate templates associated with other teams, potentially disrupting certificate-based workflows such as device enrollment, Wi-Fi authentication, VPN access, or other certificate-dependent configurations for the affected teams. This issue does not allow privilege escalation, access to sensitive data, or compromise of Fleet’s control plane. Impact is limited to integrity and availability of certificate templates across teams. Version 4.80.1 patches the issue. If an immediate upgrade is not possible, administrators should restrict access to certificate template management to trusted users and avoid delegating team administrator permissions where not strictly required. | ||||
| CVE-2025-69414 | 1 Plex | 1 Media Server | 2026-02-27 | 8.5 High |
| Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token. | ||||
| CVE-2026-22624 | 1 Hiksemi | 1 Hs-afs-s1h1 | 2026-02-27 | 4.3 Medium |
| Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization. | ||||
| CVE-2026-21722 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-27 | 5.3 Medium |
| Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard. | ||||
| CVE-2025-69416 | 1 Plex | 1 Media Server | 2026-02-27 | 5 Medium |
| In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml. | ||||
| CVE-2025-69417 | 1 Plex | 1 Media Server | 2026-02-27 | 5 Medium |
| In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint. | ||||
| CVE-2026-24487 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-02-27 | 6.5 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of being restricted to only the authenticated patient's data. This could potentially lead to unauthorized disclosure of Protected Health Information (PHI), including patient-provider relationships and care team structures across the entire system. The issue occurs because the `FhirCareTeamService` does not implement the `IPatientCompartmentResourceService` interface and does not pass the patient binding parameter to the underlying service, bypassing the patient compartment filtering mechanism. Version 8.0.0 contains a patch for this issue. | ||||
| CVE-2026-21721 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-02-26 | 8.1 High |
| The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation. | ||||
| CVE-2025-67856 | 1 Moodle | 1 Moodle | 2026-02-26 | 5.4 Medium |
| A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to privilege escalation or unauthorized access to certain features. | ||||
| CVE-2024-45328 | 1 Fortinet | 1 Fortisandbox | 2026-02-26 | 7.1 High |
| An incorrect authorization vulnerability [CWE-863] in FortiSandbox 4.4.0 through 4.4.6 may allow a low priviledged administrator to execute elevated CLI commands via the GUI console menu. | ||||
| CVE-2025-22228 | 1 Redhat | 2 Apache Camel Spring Boot, Ocp Tools | 2026-02-26 | 7.4 High |
| BCryptPasswordEncoder.matches(CharSequence,String) will incorrectly return true for passwords larger than 72 characters as long as the first 72 characters are the same. | ||||
| CVE-2025-24200 | 1 Apple | 2 Ipados, Iphone Os | 2026-02-26 | 6.1 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | ||||
| CVE-2024-44305 | 1 Apple | 1 Macos | 2026-02-26 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privileges. | ||||
| CVE-2025-21403 | 1 Microsoft | 2 On-prem Data Gateway, Sap Hana Enabled Sso For Onpremises Data Gateway | 2026-02-26 | 6.4 Medium |
| On-Premises Data Gateway Information Disclosure Vulnerability | ||||
| CVE-2025-24434 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-26 | 9.1 Critical |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | ||||