101 matches found
CVE-2026-0235
A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...
PT-2026-40747
Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A race condition allows a locally authenticated non-admin user to bypass specific access and data control policies. A race condition is a situation where the system's substantive...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetUserRoles API endpoint. An attacker can access ACL policies for any user across all organizations by supplying specific Name and Org parameters in a network request. Remediatio...
ClearanceKit 安全漏洞
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...
EUVD-2026-17484
ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...
ClearanceKit 安全漏洞
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 4.2.14 contained security vulnerabilities. These vulnerabilities were caused by startup defects that led to incomplete loading of access policies, potentially resulting in imprope...
CVE-2022-33140
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
Improper Access Control
liferay-portal is vulnerable to Improper Access Control. The vulnerability is due to JSON Web Services being registered and invoked directly as classes, where these services bypass expected routing and are executed in a way that triggers Service Access Policies SAP unintentionally. This allows...
CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback
In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...
EUVD-2007-2688
Malware in sbrugna...
EUVD-2006-7090
Malware in sbrugna...
EUVD-2006-6555
Malware in sbrugna...
EUVD-2024-18123
Malicious code in bioql PyPI...
EUVD-2022-5975
Malicious code in bioql PyPI...
CVE-2025-43789
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed...
BIT-NIFI-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider
The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...
Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies to get executed...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the JSON Web Services published to OSGi. An attacker can gain unauthorized access to restricted service operations by invoking classes directly, which causes Service Access Policies to be executed. Remediatio...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the JSON Web Services published to OSGi. An attacker can gain unauthorized access to restricted service operations by invoking classes directly, which causes Service Access Policies to be executed. Remediatio...
GHSA-Q86R-GWQC-JX85 Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies to get executed...