Lucene search
K

6073 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-42384

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-8800

CVE-2026-8800 is an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected versions include MOVEit Transfer before 2025.0.7 and from 2025.1.0 before 2025.1.3. The issue is described as a Low-severity (CVSS 3.1: 2.7) vulnerability with network access, requi...

2.7CVSS5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-8800

Incorrect Authorization vulnerability in Progress MOVEit Transfer Audit User module. This issue affects MOVEit Transfer: before 2025.0.7, from 2025.1.0 before 2025.1.3...

2.7CVSS5.9AI score
Exploits0References2Affected Software1
Nuclei
Nuclei
added 2 days ago100 views

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

8.2CVSS6.8AI score0.55861EPSS
Exploits5References5
OSV
OSV
added 2 days ago3 views

BIT-VAULT-2026-5051 Audit Log Plugin Directory Guard Bypass via Legacy path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS6AI score0.00278EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added last week7 views

GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward

Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...

5.3CVSS5.7AI score
Exploits0References2Affected Software2
Nuclei
Nuclei
added last week100 views

Jenkin Audit Trail <=3.2 - Cross-Site Scripting

Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. id: CVE-2020-2140 info: name: Jenkin Audit Trail =3.3 which includes a fix for this vulnerability. reference: -...

6.1CVSS6.2AI score0.75975EPSS
Exploits0References5
NVD
NVD
added last week8 views

CVE-2026-8147

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS0.00348EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/01 8:33 p.m.12 views

CVE-2026-5051

A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...

4.4CVSS5.6AI score0.00278EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/07/01 8:21 p.m.9 views

CVE-2026-40034 vulnerabilities

Vulnerabilities for packages: cargo-audit, jujutsu...

8.5CVSS5.9AI score0.00351EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.11 views

CVE-2026-40034 vulnerabilities

Vulnerabilities for packages: cargo-audit...

8.5CVSS5.8AI score0.00351EPSS
Exploits0
NVD
NVD
added 2026/07/01 6:16 p.m.9 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:10 p.m.7 views

EUVD-2026-41098

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:10 p.m.68 views

CVE-2026-5051

CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/01 5:8 p.m.46 views

Vault Audit Device Plugin Directory Guard Bypass via Legacy Path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Vault supports audit devices...

4.4CVSS5.8AI score0.00278EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 4:16 p.m.6 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6

Logging for Red Hat OpenShift - 6.4.6 Red Hat OpenShift Logging 6.4.6 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

9.6CVSS6.7AI score0.01557EPSS
Exploits2References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54782

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/30 2:57 a.m.9 views

CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.7 views

CVE-2026-12616

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 1:23 p.m.12 views

CVE-2026-12616

The CVE describes a vulnerability in the /v1/upload/sbom endpoint where the iss claim from an attacker-supplied JWT is read with signature verification disabled and interpolated into log statements before validation. The log format renders newlines literally, allowing an unauthenticated attacker ...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References1
Rows per page
Query Builder