Lucene search
+L

556 matches found

NVD
NVD
added yesterday5 views

CVE-2026-47086

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token via the GENURLAUTH command for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes...

3.5CVSS
Exploits0References2
OSV
OSV
added 2026/07/10 4:17 a.m.3 views

DEBIAN-CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 4:17 a.m.8 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/10 3:10 a.m.6 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0
NVD
NVD
added 2026/07/07 9:17 p.m.10 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 4:12 p.m.39 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS0.00417EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...

9.2CVSS6.2AI score0.00417EPSS
Exploits0References23
OSV
OSV
added 2026/06/24 6:37 p.m.3 views

DRUPAL-CONTRIB-2026-055

This module enables you to utilize an agent to use Drupal core actions tools with bypassed access. Certain Drupal core actions, exposed as agent tools did not have correct access validation, and some core actions were missing associated access-level definitions. This vulnerability is mitigated by...

3.3CVSS5.8AI score0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52168

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...

6AI score0.00161EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/06/18 4:15 p.m.10 views

USN-8453-1: Net::CIDR::Lite vulnerabilities

It was discovered that Net::CIDR::Lite incorrectly validated IP address and CIDR mask inputs. An attacker could possibly use this issue to bypass IP access control lists. CVE-2026-45190 It was discovered that Net::CIDR::Lite incorrectly handled extraneous zero characters in CIDR mask values. An...

6.5CVSS5.4AI score0.00311EPSS
Exploits0
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36982

Subscriber Broken Access Control in rtMedia for WordPress, BuddyPress and bbPress = 4.7.9 versions...

6.5CVSS5.1AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 10:16 p.m.11 views

CVE-2026-53825

OpenClaw before 2026.4.7 contains an arbitrary file read vulnerability in the memory-wiki ingest feature that allows authenticated Gateway operators with operator.write scope to read local files outside intended ingest sources. Attackers with operator.write access can specify arbitrary local file...

7.1CVSS0.00375EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 8:59 a.m.13 views

CVE-2026-24724

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

CyberArk Idira Endpoint Privilege Manager 信任管理问题漏洞

CyberArk Idira Endpoint Privilege Manager is a terminal privilege management agent developed by the American company CyberArk. Versions of CyberArk Idira Endpoint Privilege Manager prior to version 26.5 contained vulnerabilities related to trust management. These vulnerabilities stemmed from...

8.5CVSS5.4AI score0.00128EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:15 a.m.11 views

EUVD-2026-35980

An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.52...

8.6CVSS5.5AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.22 views

PT-2026-48370

Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5243 Description An incorrect authorization issue allows a remote attacker with a user account to bypass intended access restrictions. Recommendations Update to version 5.5.6.5243 or later...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/08 11:44 a.m.14 views

EUVD-2026-35058

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/realm/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions FGAP and escalate their privileges to a full realm administrator by importin...

7.2CVSS5.5AI score0.00329EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.9 views

SUSE CVE-2026-11190

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00165EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34738

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00213EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.14 views

Open XDMoD 访问控制错误漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...

5.3CVSS5.4AI score0.00236EPSS
Exploits0References4
Rows per page
Query Builder