
6 matches found

CNNVD
added 2026/05/07 12:0 a.m., 9 views

get.gov security vulnerability

get.gov is an open-source domain registration management tool provided by the Cybersecurity and Infrastructure Security Agency of the United States of America. There is a security vulnerability in get.gov; this vulnerability stems from the ability for organizational administrators to assign domai...

CVSS 7.6, AI score 5.8, EPSS 0.00398
Exploits: 0, References: 1
Snyk
added 2026/05/06 4:12 a.m., 9 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetUserRoles API endpoint. An attacker can access ACL policies for any user across all organizations by supplying specific Name and Org parameters in a network request. Remediatio...

CVSS 7.7, AI score 5.8, EPSS 0.00255
Exploits: 0, References: 2
NVD
added 2026/05/06 3:15 a.m., 12 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

CVSS 7.7, EPSS 0.00255
Exploits: 0, References: 1
Vulnrichment
added 2026/04/15 5:29 p.m., 4 views

CVE-2026-6290 Velociraptor Query() Plugin Misapplies Permissions To Orgs

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

CVSS 8, AI score 5.8, EPSS 0.00224
Exploits: 0, References: 1
CNNVD
added 2026/02/02 12:0 a.m., 9 views

Lunary security vulnerability

Lunary is an open-source production toolkit for LLMs developed by Lunary. Version 1.2.13 of Lunary contains a security vulnerability. This vulnerability stems from insufficient access control granularity, allowing users to delete prompts created by other organizations using their IDs, resulting i...

CVSS 7.5, AI score 7.1, EPSS 0.00388
Exploits: 1, References: 3
RedHat Linux
added 2018/02/21 12:25 p.m., 5 views

foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization

It was found that foreman in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations...

CVSS 7.4, AI score 5.8, EPSS 0.00749
Exploits: 0, References: 4