
4 matches found

Tenable Nessus
added 2026/04/17 12:0 a.m., 4 views

Rapid7 Velociraptor < 0.75.8 / 0.76.x < 0.76.3 Incorrect Authorization (CVE-2026-6290)

The version of Rapid7 Velociraptor installed on the remote host is prior to 0.75.8 or 0.76.x prior to 0.76.3. It is, therefore, affected by an incorrect authorization vulnerability: - Velociraptor contains a vulnerability in the query plugin which allows access to all orgs with the user's current...

9.1 CVSS, 5.5 AI score, 0.00224 EPSS
Exploits 0, References 2
Circl
added 2026/04/15 7:22 p.m., 5 views

CVE-2026-6290

creationtimestamp | type | source
---|---|---
2026-04-15 19:22:05+00:00 | published-proof-of-concept | Telegram/QjGcBmjsxbZ4Amc1U1V8p7QxKw60FZ8Kw92T8xX9Q9AP7c
2026-04-15 19:22:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjkmky75mp23
2026-04-24 00:07:07+00:00 | seen | ...

9.1 CVSS, 4.9 AI score, 0.00224 EPSS
Exploits 0, References 2
Snyk
added 2026/04/15 6:24 p.m., 6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the query plugin. An attacker can gain unauthorized access to resources belonging to other organizations by executing VQL queries with their current ACL token, thereby inheriting their permissions across...

9.1 CVSS, 5.7 AI score, 0.00224 EPSS
Exploits 0, References 2
CVE
added 2026/04/15 5:29 p.m., 16 views

CVE-2026-6290

Velociraptor CVE-2026-6290 affects versions prior to 0.76.3, due to an incorrect authorization flaw in the query() plugin that lets a GUI user with access in one org execute VQL against other orgs using their current ACL token. The underlying issue is that the plugin’s authorization does not prop...

9.1 CVSS, 5.8 AI score, 0.00224 EPSS
Exploits 0, References 1, Affected Software 1