Lucene search
K

219797 matches found

OSV
OSV
added 2026/05/07 1:58 a.m.5 views

GHSA-6RGM-GR97-X3J5 Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI

Summary PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI Details In NewServer, the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/07 1:58 a.m.9 views

Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI

Summary PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI Details In NewServer, the smPolicyGroup route group is created and routes are applied without attaching the router authorization middleware. In...

8.2CVSS5.8AI score0.00323EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/05/07 1:56 a.m.3 views

GHSA-3V3M-WC6V-X4X3 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. Details Argo CD masks Secret...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/05/07 1:26 a.m.9 views

Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their GitRepo. Helm lookup bypass: The Helm template...

9.9CVSS5.8AI score0.00379EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/07 12:59 a.m.6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:59 a.m.6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:59 a.m.5 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:59 a.m.4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:59 a.m.5 views

External Control of File Name or Path

Overview github.com/gotenberg/gotenberg/v7/pkg/modules/chromium is a Docker-powered stateless API for PDF files. Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/07 12:8 a.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the processing of search queries involving hasparent or haschild join relations when document-level security is enabled. An attacker can gain unauthorized access to restricted document contents by crafting...

6CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.7 views

PT-2026-41472

Name of the Vulnerable Software and Affected Versions OpenSearch versions prior to 2.19.4 OpenSearch versions prior to 3.2.0 Description A flaw in the OpenSearch Security plugin occurs during the handling of index rollover requests. When a request includes an explicit target index name, the...

2.2CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38423

Name of the Vulnerable Software and Affected Versions Liderahenk versions 2.0.1 through 2.0.1 Description An Origin Validation Error in the application allows attackers to bypass Access Control Lists ACLs, which are sets of rules that define permissions for users or systems. This flaw enables...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

Yarbo 访问控制错误漏洞

Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains an access control vulnerability. This vulnerability stems from the MQTT proxy configuration, which allows anonymous connections without topic-level read/write ACLs. ...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Snipe-IT 访问控制错误漏洞

Snipe-IT is a set of open-source IT asset/license management systems developed by Grokability. Versions of Snipe-IT 8.4.0 and earlier contained a access control vulnerability. This vulnerability stemmed from improper permission settings in the app/Http/Controllers/Api/UploadedFilesController.php...

9.8CVSS6.1AI score0.00475EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38460

Name of the Vulnerable Software and Affected Versions Yarbo firmware version 2.3.9 Description The embedded MQTT broker is configured to permit anonymous connections and lacks topic-level read or write Access Control Lists ACLs. This allows any host on the same network to subscribe to sensitive...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

Microsoft Azure AI Foundry M365 published agents 访问控制错误漏洞

Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...

10CVSS5.8AI score0.01164EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38356

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs Happy Addons for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Happy Addons for Elementor: from n/a through 3.20.8...

5.3CVSS5.8AI score0.00336EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.7 views

Optoma CinemaX P2 安全漏洞

The Optoma CinemaX P2 is a super-short focal-length 4K laser home projector from Optoma. The Optoma CinemaX P2 has a security vulnerability, which stems from exposing the HTTP API on TCP port 2345 and allowing unauthorized remote control. This vulnerability could allow any device on the same...

9.8CVSS5.9AI score0.00326EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38451

Name of the Vulnerable Software and Affected Versions Ivanti EPMM versions prior to 12.6.1.1 Ivanti EPMM versions prior to 12.7.0.1 Ivanti EPMM versions prior to 12.8.0.1 Description Improper Access Control allows a remote authenticated attacker to gain administrative access. Recommendations Upda...

8.8CVSS6AI score0.00714EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.12 views

PT-2026-38365

Missing Authorization vulnerability in bPlugins PDF Poster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Poster: from n/a through 2.4.1...

5.3CVSS5.8AI score0.00182EPSS
Exploits0References2
Rows per page
Query Builder