Lucene search
K

105 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References3
Debian CVE
Debian CVE
added 3 days ago5 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.9 views

SUSE CVE-2026-11190

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00165EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-11258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific ...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/04 11:6 p.m.10 views

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00201EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.9 views

PT-2026-46778

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-46662

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in the Autofill feature allows a remote attacker to bypass discretionary access control, which is a mechanism used to restrict access to objects based on...

9.6CVSS5.9AI score0.00493EPSS
Exploits0References437
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by improper implementation in extensions. Attackers could exploit this vulnerability to bypass autonomous access control through...

6.5CVSS5.3AI score0.00165EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 5:16 p.m.16 views

CVE-2026-41141

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43240

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

4.3CVSS5.6AI score0.00225EPSS
Exploits0References3
NVD
NVD
added 2026/05/12 10:16 p.m.17 views

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

7.5CVSS0.00351EPSS
Exploits1References1
NVD
NVD
added 2026/05/06 7:16 p.m.7 views

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.34 views

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

0.00172EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Kyverno 安全漏洞

Kyverno is an open-source policy engine designed for Kubernetes by Kyverno developers. There is a security vulnerability in Kyverno, which stems from the fact that the ConfigMap context loader does not validate the configMap.namespace field. This allows namespace administrators to use Kyverno’s...

7.7CVSS5.8AI score0.00266EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:27 p.m.1 views

CVE-2026-35635

OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook paths. Attackers can exploit inherited or duplicate webhook paths to bypass per-account DM access...

6.3CVSS6AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-31018

Name of the Vulnerable Software and Affected Versions @delmaredigital/payload-puck versions prior to 0.6.23 Description The @delmaredigital/payload-puck plugin for PayloadCMS, a visual page builder integration, had a critical issue where access control was bypassed. Specifically, all CRUD endpoin...

9.4CVSS5.9AI score0.00376EPSS
Exploits1References12
NVD
NVD
added 2026/03/16 2:17 p.m.11 views

CVE-2016-20029

ZKTeco ZKBioSecurity 3.0 contains a file path manipulation vulnerability that allows attackers to access arbitrary files by modifying file paths used to retrieve local resources. Attackers can manipulate path parameters to bypass access controls and retrieve sensitive information including...

6.9CVSS0.00206EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/04 11:20 p.m.4 views

CVE-2026-2833 HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability CWE-444 was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the...

9.3CVSS5.7AI score0.00666EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/24 5:29 p.m.6 views

CVE-2026-27588

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...

9.1CVSS5.9AI score0.0037EPSS
Exploits1References3
Rows per page
Query Builder