Lucene search
K

34 matches found

Cvelist
Cvelist
added 2026/06/26 6:1 p.m.35 views

CVE-2026-47205 Envoy: ext_authz Use-After-Free during Stream Teardown with Per-Route Overrides

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free UAF vulnerability leading to a sudden segmentation fault exists in Envoy's extauthz HTTP filter when processing per-route authorization overrides...

5.9CVSS0.00387EPSS
Exploits1References1
CVE
CVE
added 2026/06/26 6:1 p.m.16 views

CVE-2026-47205

CVE-2026-47205 affects Envoy’s ext_authz HTTP filter. From 1.36.0 through 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) occurs when processing per-route authorization overrides concurrently with rapid downstream disconnects. The vulnerable flow creates a transient per-route client and reallo...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52893

Name of the Vulnerable Software and Affected Versions Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description A Use-After-Free UAF issue exists in the ext authz HTTP filter when processing per-route authorization overrides...

5.9CVSS5.8AI score0.00387EPSS
Exploits1References19
EUVD
EUVD
added 2025/10/03 8:7 p.m.13 views

EUVD-2022-43096

Malicious code in bioql PyPI...

6.5CVSS5.8AI score0.0089EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-58783

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00581EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-3740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group...

6.5CVSS5.7AI score0.0089EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.6 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.4AI score0.0089EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:13 a.m.27 views

BIT-GITLAB-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.5AI score0.0089EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/09 12:0 a.m.3 views

PT-2024-2767 · Envoy +1 · Envoy +1

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.7 Envoy versions prior to 1.27.3 Envoy versions prior to 1.28.1 Envoy versions prior to 1.29.1 Description: The issue exists due to insufficient input validation in the Envoy proxy server, allowing remote attacker...

8.6CVSS7.8AI score0.006EPSS
Exploits0References14
NVD
NVD
added 2024/01/11 4:15 p.m.16 views

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

6.5CVSS6.4AI score0.00581EPSS
Exploits0References3
OSV
OSV
added 2024/01/11 4:15 p.m.22 views

CVE-2023-6554

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

6.5CVSS6.6AI score0.00581EPSS
Exploits0References3
Prion
Prion
added 2024/01/11 4:15 p.m.16 views

Design/Logic Flaw

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...

4CVSS6.8AI score0.00581EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/01/11 12:0 a.m.4 views

Tecnick TCExam Security Breach

Tecnick TCExam is a Web-based open source e-exam system from Tecnick UK. The system is mainly used for online exams, etc. A security vulnerability exists in Tecnick TCExam versions prior to 15.1.0, which stems from an insufficiently protected external authorization mechanism in the admin folder...

6.5CVSS6.7AI score0.00581EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.3 views

Envoy 输入验证错误漏洞

Envoy is an open source distributed proxy server. Envoy suffers from an input validation error vulnerability that stems from the ability to escalate privileges when failuremodeallow: true is configured for the extauthz filter...

9.8CVSS8.2AI score0.00731EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.7 views

PT-2023-21163 · Envoy · Envoy

Name of the Vulnerable Software and Affected Versions: Envoy versions prior to 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 Description: The issue concerns escalation of privileges when failure mode allow: true is configured for the ext authz filter in Envoy, an open source edge and service proxy...

9.8CVSS9.2AI score0.00731EPSS
Exploits1References13
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-32777

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However,...

8.6CVSS8.5AI score0.03325EPSS
Exploits0References3
NVD
NVD
added 2023/01/26 9:15 p.m.22 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.5AI score0.0089EPSS
Exploits0References3
Prion
Prion
added 2023/01/26 9:15 p.m.33 views

Authorization

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

3.3CVSS5AI score0.0089EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2023/01/26 9:15 p.m.34 views

CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS6.1AI score0.0089EPSS
Exploits0References1
OSV
OSV
added 2023/01/26 9:15 p.m.3 views

UBUNTU-CVE-2022-3740

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using...

6.5CVSS5.7AI score0.0089EPSS
Exploits0References2
Rows per page
Query Builder