Lucene search
K

101 matches found

NVD
NVD
added 2026/05/13 7:16 p.m.7 views

CVE-2026-0235

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...

5.8CVSS0.00173EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.15 views

PT-2026-40747

Name of the Vulnerable Software and Affected Versions Prisma Browser affected versions not specified Description A race condition allows a locally authenticated non-admin user to bypass specific access and data control policies. A race condition is a situation where the system's substantive...

5.8CVSS5.8AI score0.00173EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/06 4:12 a.m.9 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetUserRoles API endpoint. An attacker can access ACL policies for any user across all organizations by supplying specific Name and Org parameters in a network request. Remediatio...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...

8.2CVSS5.8AI score0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 3:13 p.m.4 views

EUVD-2026-17484

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

6.3CVSS5.8AI score0.00196EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 4.2.14 contained security vulnerabilities. These vulnerabilities were caused by startup defects that led to incomplete loading of access policies, potentially resulting in imprope...

6.3CVSS5.8AI score0.00196EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.7 views

CVE-2022-33140

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS7.4AI score0.03674EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/25 7:26 a.m.7 views

Improper Access Control

liferay-portal is vulnerable to Improper Access Control. The vulnerability is due to JSON Web Services being registered and invoked directly as classes, where these services bypass expected routing and are executed in a way that triggers Service Access Policies SAP unintentionally. This allows...

5.3CVSS6.6AI score0.00197EPSS
Exploits0References7Affected Software2
Vulnrichment
Vulnrichment
added 2025/10/30 9:25 p.m.10 views

CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

5.3CVSS6.3AI score0.00783EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-2688

Malware in sbrugna...

6.8CVSS6.4AI score0.02114EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-7090

Malware in sbrugna...

4.1CVSS6.1AI score0.00337EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-6555

Malware in sbrugna...

6.5CVSS6.4AI score0.01425EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2024-18123

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.00446EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5975

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.03674EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/09/14 2:27 a.m.13 views

CVE-2025-43789

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed...

1CVSS7AI score0.00197EPSS
Exploits0References1
OSV
OSV
added 2025/09/12 11:46 a.m.5 views

BIT-NIFI-2022-33140 Improper Neutralization of Command Elements in Shell User Group Provider

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the...

8.8CVSS7.6AI score0.03674EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/12 3:33 a.m.8 views

Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies to get executed...

5.3CVSS7AI score0.00197EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2025/09/12 3:33 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the JSON Web Services published to OSGi. An attacker can gain unauthorized access to restricted service operations by invoking classes directly, which causes Service Access Policies to be executed. Remediatio...

5.3CVSS6.8AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/12 3:33 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the JSON Web Services published to OSGi. An attacker can gain unauthorized access to restricted service operations by invoking classes directly, which causes Service Access Policies to be executed. Remediatio...

5.3CVSS6.8AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2025/09/12 3:33 a.m.6 views

GHSA-Q86R-GWQC-JX85 Liferay Portal JSON Web Services Direct Class Invocation Enables Service Access Policy Execution

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies to get executed...

1CVSS7AI score0.00197EPSS
Exploits0References7
Rows per page
Query Builder