Lucene search
+L

18 matches found

OSV
OSV
added 2 days ago4 views

CVE-2026-44595 Yamcs: Unauthorized user enumeration via IAM API endpoints

Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one...

4.3CVSS6.1AI score0.01019EPSS
Exploits3References7
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-44595 Yamcs: Unauthorized user enumeration via IAM API endpoints

Yamcs is a mission control framework. Prior to 5.12.7, the IAM API endpoints listUsers, getUser, listGroups, and getGroup in yamcs-core did not enforce the required SystemPrivilege.ControlAccess check in yamcs-core/src/main/java/org/yamcs/http/api/IamApi.java, so any authenticated user, even one...

4.3CVSS0.01019EPSS
Exploits3References5
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-59100

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/02 7:43 p.m.40 views

CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and...

5CVSS0.0018EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 1:37 p.m.21 views

CVE-2026-47148

CVE-2026-47148 affects EmberZNet v9.0.2 and earlier. Malformed GetGroupMembership commands can trigger reads past the end of the message payload, potentially terminating the process. The impact is observed on devices that have already joined the network and that support the Groups cluster; no inf...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 1:37 p.m.9 views

EUVD-2026-39403

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/27 12:3 a.m.7 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the IAM API endpoints, including listUsers, getUser, listGroups, and getGroup. An attacker can retrieve sensitive user information, such as usernames, superuser status, and group memberships, by sending...

5.3CVSS5.5AI score0.01019EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.11 views

PT-2025-52978

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue was identified in the Linux kernel related to the ext4 filesystem. The problem involves incorrectly setting the goal start in the ext4 mb normalize request function. Specificall...

7.8CVSS6.4AI score0.00462EPSS
Exploits2References899
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31913

Malicious code in bioql PyPI...

6.4AI score0.00145EPSS
Exploits0References6
NVD
NVD
added 2025/10/01 12:15 p.m.4 views

CVE-2023-53503

In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4getgroupinfo to fail Previously, ext4getgroupinfo would treat an invalid group number as BUG, since in theory it should never happen. However, if a malicious attaker or fuzzer modifies the superblock via the block...

5.5CVSS0.00145EPSS
Exploits0References5
OSV
OSV
added 2025/10/01 11:45 a.m.6 views

CVE-2023-53503 ext4: allow ext4_get_group_info() to fail

In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4getgroupinfo to fail Previously, ext4getgroupinfo would treat an invalid group number as BUG, since in theory it should never happen. However, if a malicious attaker or fuzzer modifies the superblock via the block...

5.5CVSS7.5AI score0.00145EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2025/10/01 12:0 a.m.4 views

PT-2025-40210

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the ext4 filesystem implementation. Specifically, the ext4 get group info function previously triggered a kernel BUG when encountering an invalid...

6.2AI score0.00145EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/12/04 12:56 a.m.4 views

kernel: ext4: allow ext4_get_group_info() to fail

In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4getgroupinfo to fail Previously, ext4getgroupinfo would treat an invalid group number as BUG, since in theory it should never happen. However, if a malicious attaker or fuzzer modifies the superblock via the block...

5.5CVSS6.8AI score0.00145EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.6 views

SUSE CVE-2013-6048

The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data...

5CVSS6.8AI score0.02502EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/10/30 12:5 p.m.5 views

kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4getgroupinfo function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image...

5.5CVSS7AI score0.00766EPSS
Exploits1References4
OSV
OSV
added 2018/07/26 6:29 p.m.2 views

DEBIAN-CVE-2018-10881

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4getgroupinfo function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image...

5.5CVSS6.9AI score0.00766EPSS
Exploits1References1
CNVD
CNVD
added 2017/11/08 12:0 a.m.4 views

EasySNS Minimalist Community getgrouptopic method has SQL injection vulnerability

EasySNS Minimalist Community Group Edition is a new database architecture and program structure to form an interactive community with a group as the basic unit. EasySNS Minimalist Community getgrouptopic method has a SQL injection vulnerability, which can be exploited by attackers to obtain...

7.8AI score
Exploits0
OSV
OSV
added 2013/12/13 6:55 p.m.5 views

DEBIAN-CVE-2013-6048

The getgrouptree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service infinite loop and memory consumption in the munin-html process via crafted multigraph data...

5CVSS6.4AI score0.02502EPSS
Exploits0References1
Rows per page
Query Builder