Lucene search
K

3956 matches found

Nuclei
Nuclei
added 5 hours ago165 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
CVE
CVE
added 2 days ago6 views

CVE-2026-57481

Parse Server LiveQuery vulnerability: a subscriber could receive object field values the reader is not authorized to read when a single save changed both the object field and the subscriber’s ACL read access, due to leave/enter events using the wrong object state. Affected versions before 9.9.1-a...

2.3CVSS6AI score0.00386EPSS
Exploits0References7
CVE
CVE
added 2 days ago11 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-11340 Authorization Bypass in HAVELSAN's Open Source Project Liman MYS

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 12:28 p.m.36 views

CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
CVE
CVE
added 2026/07/01 11:58 a.m.22 views

CVE-2026-53905

CVE-2026-53905 affects MCO, with confirmation in version 25.3.3.1. The issue is an insufficient authorization enforcement in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint, allowing an authenticated, low-privileged user to retrieve administrator access contr...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 11:58 a.m.8 views

EUVD-2026-40951

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...

7.1CVSS5.8AI score0.00208EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/07/01 2:6 a.m.7 views

CVE-2026-54371 affecting package acl for versions less than 2.4.0-1

CVE-2026-54371 affecting package acl for versions less than 2.4.0-1. An upgraded version of the package is available that resolves this issue...

8.4CVSS5.7AI score0.00136EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by...

7.2CVSS6.1AI score0.00091EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and...

8.4CVSS6AI score0.00142EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 2:16 p.m.4 views

UBUNTU-CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/29 1:0 p.m.6 views

Symlink Attack

Overview acl is a None Affected versions of this package are vulnerable to Symlink Attack. via the libacl functions. An attacker can gain unauthorized access to or modify access control lists by replacing a pathname component with a symbolic link, redirecting ACL read or write operations to...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:38 p.m.7 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:38 p.m.7 views

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 12:38 p.m.20 views

CVE-2026-54370

CVE-2026-54370 affects acl before version 2.4.0, introducing a TOCTOU race where an attacker-controlled pathname component can replace a component with a symlink between an lstat() check and subsequent operations (stat, chown, chmod, acl_get_file, acl_set_file). This enables local privilege escal...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 12:38 p.m.44 views

CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/29 12:38 p.m.8 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/29 12:37 p.m.49 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS0.00142EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 12:37 p.m.40 views

CVE-2026-54369

The CVE-2026-54369 entry concerns acl before version 2.4.0, where a symlink traversal vulnerability exists in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file(). The underlying issue allows a local attacker to escalate privileges by ...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/29 12:37 p.m.9 views

CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.8AI score0.00142EPSS
Exploits0
Rows per page
Query Builder