CVE-2026-46485
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authe
CVSS
8.2
Alto
EPSS
0.3%
p22
KEV
—
Exploit Today
7
0-100
Publicado: 15 jul 2026 · Última mod.: 15 jul 2026 · CWE-15 · CWE-284 · CWE-287
0.3%EPSS · 30 días0.3%
2026-07-162026-07-17
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-468179.8 CRÍ60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability2dCVE-2023-278239.8 CRÍ98.9%
——30An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.9dCVE-2026-411769.8 CRÍ98.2%
——29Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.3dCVE-2022-470039.8 CRÍ88.2%
——26A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request.9dCVE-2026-503517.8 ALT84.8%
——25Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.1dCVE-2026-242947.8 ALT84.6%
——25Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.17d