Lucene search
K

9 matches found

OSV
OSV
added 2026/03/29 3:37 p.m.4 views

GHSA-46WH-3698-F2CX Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)

Summary There is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go CVE-2026-33186. A remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 :path pseudo-header omitting the mandatory leading slash e.g., Service/Method instead of...

7.8CVSS5.9AI score
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/03/28 12:26 a.m.5 views

SUSE CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...

6.5CVSS5.7AI score0.00387EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 11:22 p.m.3 views

CVE-2026-32758 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler http/resource.go. The destination path in resourcePatchHandler is...

6.5CVSS5.7AI score0.00387EPSS
Exploits0References3
CVE
CVE
added 2026/03/19 11:22 p.m.17 views

CVE-2026-32758

The CVE-2026-32758 entry concerns File Browser, where versions 2.61.2 and earlier are vulnerable to Path Traversal via the resourcePatchHandler in http/resource.go. The flaw allows an authenticated user with Create or Rename permissions to bypass deny rules by injecting .. sequences in the destin...

6.5CVSS5.7AI score0.00387EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 7:1 p.m.4 views

CVE-2026-26308

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, the Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating eac...

7.5CVSS5.8AI score0.00293EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6765

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 2.1.7 Description Claude Code, an agentic coding tool, did not properly enforce deny rules defined in the settings.json file when handling symbolic links. Specifically, if access to a file like /etc/passwd was...

7.5CVSS5.5AI score0.00376EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/01/19 2:32 p.m.2 views

CVE-2026-1007

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12...

5.5AI score0.00184EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/19 2:32 p.m.4 views

EUVD-2026-3217

Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules.This issue affects Server: from 2025.3.1 through 2025.3.12...

7.6CVSS5.5AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 2016/12/11 2:59 a.m.4 views

ALPINE-CVE-2016-9849

An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction $cfg'Servers'$i'AllowRoot' and deny rules for username by using Null Byte in the username. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

9.8CVSS7AI score0.01964EPSS
Exploits0References1
Rows per page
Query Builder