Lucene search
K

4067 matches found

NVD
NVD
added 2026/06/12 10:16 p.m.10 views

CVE-2026-53825

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 3:11 p.m.12 views

EUVD-2026-36483

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints...

8.8CVSS5.3AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 2026/06/11 6:34 p.m.43 views

CVE-2026-46519

CVE-2026-46519 affects mcp-server-kubernetes (Model Context Protocol server) prior to version 3.6.0. The issue stems from access controls implemented via three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) being enforced only at the tool discov...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/11 6:34 p.m.26 views

CVE-2026-46519 mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS0.00376EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/11 6:34 p.m.8 views

CVE-2026-46519 mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.12 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48639

Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

8.5CVSS5.4AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.22 views

CyberArk Idira Endpoint Privilege Manager 安全漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Vulnerabilities existed in versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5. These vulnerabilities stemmed from improper access control in the...

8.9CVSS5.3AI score0.00124EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 4:17 a.m.14 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:15 a.m.11 views

EUVD-2026-35980

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48370

Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5243 Description An incorrect authorization issue allows a remote attacker with a user account to bypass intended access restrictions. Recommendations Update to version 5.5.6.5243 or later...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 11:54 a.m.11 views

EUVD-2026-35407

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

6.9CVSS5.5AI score0.00229EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.12 views

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/08 5:34 p.m.11 views

CVE-2026-48827

A flaw was found in Apache MINA SSHD bundle sshd-git. This path traversal vulnerability allows authenticated users to access Git repositories located outside the intended server root directory. The lack of proper path validation during Git operations, such as git-upload-pack and git-receive-pack,...

7.1CVSS5.5AI score0.00527EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-11532

A weakness has been identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be perform...

6.5CVSS0.0027EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 4:15 p.m.23 views

CVE-2026-11532

Summary of CVE-2026-11532 : The vulnerability affects the imvks786 “student_management_system” up to commit 9599b560ad3c3b83e75d328b76bedcd489ef1f46 and specifically targets an unknown function in the file /add.php of the “Student Record Handler” component. A manipulation of this function can lea...

6.5CVSS5AI score0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:15 p.m.8 views

CVE-2026-11532

A weakness has been identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be perform...

6.5CVSS6.1AI score0.0027EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 4:15 p.m.11 views

CVE-2026-11532 imvks786 student_management_system Student Record add.php access control

A weakness has been identified in imvks786 studentmanagementsystem up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Record Handler. Executing a manipulation can lead to improper access controls. The attack may be perform...

6.5CVSS6.1AI score0.0027EPSS
Exploits0References6
Rows per page
Query Builder