Lucene search
K

3956 matches found

CVE
CVE
added 2026/06/09 1:4 a.m.25 views

CVE-2026-8795

The issue affects Rapid7 Velociraptor’s Windows.Collectors.Remapping artifact prior to version 0.76.6. In collection ZIPs, the hostname field from client_info.json is inserted into a YAML template via Go's text/template without escaping. An attacker supplying a crafted collection ZIP can use lite...

7.8CVSS5.6AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 1:4 a.m.36 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS0.00148EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

Rapid7 Velociraptor 注入漏洞

Rapid7 Velociraptor is a digital forensics and incident response platform provided by Rapid7, Inc. Versions of Rapid7 Velociraptor prior to 0.76.6 contained an injection vulnerability. This vulnerability stemmed from YAML injections in Windows.Collectors.Remapping artifacts. The host name field w...

7.8CVSS5.7AI score0.00148EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47541

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS5.6AI score0.00148EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/08 3:27 a.m.23 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS5.8AI score0.00563EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/08 3:27 a.m.16 views

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

8.8CVSS7.5AI score0.00259EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.15 views

RHEL 10 : kernel (RHSA-2026:24343)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24343 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nbd: defer config unlock in...

9.8CVSS5.9AI score0.00563EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : perl-Net-CIDR-Lite (SUSE-SU-2026:2113-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2113-1 advisory. This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailin...

7.5CVSS5.7AI score0.00311EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.16 views

RHEL 9 : kernel (RHSA-2026:22940)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22940 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: Make cakeenqueue...

9.8CVSS5.5AI score0.00563EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS5.5AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS5.8AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 9:1 a.m.13 views

EUVD-2026-34793

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:28 p.m.9 views

GHSA-V39M-97P8-GQG7 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/04 2:22 p.m.13 views

EUVD-2026-34283

Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026...

8.8CVSS5.8AI score0.00245EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 10:49 a.m.9 views

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:36 a.m.12 views

CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...

8.6CVSS5.8AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46396

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This...

6.9CVSS5.4AI score0.00282EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/03 3:25 p.m.19 views

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS5.8AI score0.00563EPSS
Exploits0References8
NVD
NVD
added 2026/06/02 10:16 a.m.19 views

CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS0.00288EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 9:45 a.m.13 views

EUVD-2025-210030

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Rows per page
Query Builder