6073 matches found
EUVD-2026-42384
Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
CVE-2026-8800
CVE-2026-8800 is an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected versions include MOVEit Transfer before 2025.0.7 and from 2025.1.0 before 2025.1.3. The issue is described as a Low-severity (CVSS 3.1: 2.7) vulnerability with network access, requi...
CVE-2026-8800
Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...
JumpServer > 3.6.4 - Information Disclosure
JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...
BIT-VAULT-2026-5051 Audit Log Plugin Directory Guard Bypass via Legacy path Option
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...
GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward
Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...
Jenkin Audit Trail <=3.2 - Cross-Site Scripting
Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...
CVE-2026-8147
In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...
CVE-2026-5051
A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...
CVE-2026-40034 vulnerabilities
Vulnerabilities for packages: cargo-audit, jujutsu...
CVE-2026-40034 vulnerabilities
Vulnerabilities for packages: cargo-audit...
CVE-2026-5051
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...
EUVD-2026-41098
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...
CVE-2026-5051
CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...
Vault Audit Device Plugin Directory Guard Bypass via Legacy Path Option
HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Vault supports audit devices...
Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6
Logging for Red Hat OpenShift - 6.4.6 Red Hat OpenShift Logging 6.4.6 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...
PT-2026-54782
Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...
CVE-2026-53287
In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...
CVE-2026-12616
The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...
CVE-2026-12616
The CVE describes a vulnerability in the /v1/upload/sbom endpoint where the iss claim from an attacker-supplied JWT is read with signature verification disabled and interpolated into log statements before validation. The log format renders newlines literally, allowing an unauthenticated attacker ...