Lucene search
+L

3999 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. A authenticated user may use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. This issue has been fixed in versions 7.4.2, 7.2.7, and 6.2.17. An additional...

9.8CVSS7.2AI score0.07934EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. By exploiting vulnerabilities in the Lua script execution environment, an attacker with access to Redis prior to versions 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. T...

7.8CVSS7AI score0.02264EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fixed a possible use-after-free during activity updates. The “rule activity update” process periodically traverses a list of configured rules and queries their activity from the device. As part of this...

7.8CVSS6.2AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 2:16 a.m.8 views

ALPINE-CVE-2026-43617

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-40020

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be...

4.3CVSS6AI score0.00271EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41994

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An unauthenticated remote attacker can read arbitrary image files from the disk that the PHP user has permission to open. This includes private user-profile photos protected by Access Control Lists...

6.9CVSS6AI score0.00455EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...

8.6CVSS6.2AI score0.00316EPSS
Exploits0References3
NVD
NVD
added 2026/05/18 9:16 p.m.17 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS0.00316EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 9:16 p.m.4 views

DEBIAN-CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 9:16 p.m.3 views

UBUNTU-CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References7
CVE
CVE
added 2026/05/18 8:10 p.m.33 views

CVE-2026-8851

SOGo 5.12.7 is affected by a SQL injection in the Access Control List management via the uid parameter in addUserInAcls. An authenticated user can inject subqueries to extract arbitrary data and write it into the sogo_acl table, then retrieve it through the /acls API, creating an out-of-band data...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/18 8:10 p.m.9 views

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/18 8:10 p.m.41 views

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS0.00316EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/18 8:10 p.m.7 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:10 p.m.6 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/18 3:4 p.m.15 views

CVE-2026-40020

A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol IMAP SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imapaclallowanyone setting is disabled. This vulnerability allows an attacker to spam folders to all...

6.5CVSS5.7AI score0.00271EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41735

Name of the Vulnerable Software and Affected Versions SOGo version 5.12.7 Description An issue in the Access Control List management functionality allows authenticated users to extract arbitrary data from the database. This is achieved by injecting SQL subqueries through the uid parameter of the...

8.6CVSS6AI score0.00316EPSS
Exploits0References28
NVD
NVD
added 2026/05/17 1:16 p.m.19 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.8 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25320

CVE-2018-25320 affects ACL Analytics 11.x through 13.0.0.579. The vulnerability is an arbitrary code execution via the EXECUTE function, enabling an attacker to run commands with SYSTEM privileges. Reported chain includes using bitsadmin to download malicious PowerShell scripts and execute them t...

9.8CVSS6.5AI score0.00576EPSS
Exploits0References4
Rows per page
Query Builder