Lucene search
+L

751 matches found

OSV
OSV
added 2026/03/19 5:32 p.m.11 views

GHSA-89X7-5M5M-MCMM Juju has unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/03/18 1:16 p.m.12 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/18 12:35 p.m.34 views

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 12:35 p.m.6 views

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/18 12:35 p.m.7 views

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS6.4AI score0.00166EPSS
Exploits0References5
CVE
CVE
added 2026/03/18 12:35 p.m.27 views

CVE-2026-32692

The CVE-2026-32692 entry describes an authorization bypass in the Vault secrets back-end of Juju (versions 3.1.6–3.6.18). An authenticated unit agent can perform unauthorized updates to secret revisions, potentially poisoning existing secret revisions within the Vault secret back-end. Metrics ind...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.7 views

PT-2026-26056

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

7.6CVSS5.8AI score0.00166EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/13 9:31 p.m.8 views

EUVD-2025-208665

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References2
CVE
CVE
added 2026/03/13 7:35 p.m.16 views

CVE-2025-36368

IBM Sterling B2B Integrator and IBM Sterling File Gateway are affected by a SQL injection vulnerability (CVE-2025-36368) in the Dashboard UI affecting versions 6.1.0.0–6.1.2.7_2, 6.2.0.0–6.2.0.5_1, and 6.2.1.0–6.2.1.1_1. The issue allows an administrative user to send crafted SQL statements to vi...

7.2CVSS5.9AI score0.00314EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/03/13 7:35 p.m.7 views

CVE-2025-36368 IBM Sterling B2B Integrator and IBM Sterling File Gateway SQL Injection

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...

6.5CVSS5.9AI score0.00314EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : nbdkit-1.8.0-3.el7 (AXSA:2020-4543:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-4543:01 advisory. nbdkit: denial of service due to premature opening of back-end connection CVE-2019-14850 Tenable has extracted the preceding description block directly from...

3.7CVSS5.6AI score0.01601EPSS
Exploits1References2
OSV
OSV
added 2026/01/16 7:20 p.m.10 views

GHSA-5QW5-WF2Q-F538 ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

ActiveRecord-JDBC-Adapter AR-JDBC contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...

9.3CVSS7.7AI score
Exploits0References5
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.8 views

Bluspark BLUVOYIX 安全漏洞

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from improper back-end API authentication, which could lead to an attacker gaining full access to customer data and completely compromisi...

10CVSS6.7AI score0.00469EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.8 views

MiracleLinux 4 : bind-dyndb-ldap-1.1.0-0.9.b1.0.1.AXS4 (AXSA:2012-575:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-575:02 advisory. This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP serve...

4.3CVSS6.8AI score0.02325EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/10 12:0 a.m.5 views

October CMS 跨站脚本漏洞

October CMS is an open source content management system CMS from October CMS based on PHP and the Laravel web application framework. A cross-site scripting vulnerability exists in October CMS versions prior to 3.7.13 and prior to 4.0.12, which stems from insufficient cleanup and escaping in...

6.1CVSS5.9AI score0.00183EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.16 views

CVE-2021-33688

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...

4.3CVSS6.8AI score0.00652EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.11 views

CVE-2024-41767

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

7.3CVSS7.4AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 12:30 a.m.6 views

EUVD-2025-203470

A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...

5.8CVSS6.5AI score0.00401EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/11 7:49 p.m.27 views

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

7.6CVSS0.00318EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/04 12:0 a.m.6 views

X-SpringBoot 安全漏洞

X-SpringBoot is a lightweight Java rapid development platform for czx individual developers. A security vulnerability exists in X-SpringBoot version 6.0, which stems from the unsynchronized front-end and back-end privilege components and could lead to an elevation of privilege attack...

7.3CVSS6.9AI score0.00249EPSS
Exploits1References3
Rows per page
Query Builder