CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

SUSE CVE•added 2026/05/07 2:23 a.m.•3 views

SUSE CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS5.8AI score0.0001EPSS

Exploits0References3

Snyk•added 2026/05/06 4:12 a.m.•5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GetUserRoles API endpoint. An attacker can access ACL policies for any user across all organizations by supplying specific Name and Org parameters in a network request. Remediatio...

7.7CVSS5.8AI score0.0001EPSS

Exploits0References2

Github Security Blog•added 2026/05/06 3:33 a.m.•7 views

Velocidex Velociraptor has an authorization bypass vulnerability

7.7CVSS5.8AI score0.0001EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/06 3:15 a.m.•5 views

CVE-2026-7573

7.7CVSS0.0001EPSS

Exploits0References1

Cvelist•added 2026/05/06 2:15 a.m.•25 views

CVE-2026-7573 GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations

5CVSS0.0001EPSS

Exploits0References1

CNNVD•added 2026/05/06 12:0 a.m.•4 views

Velocidex Velociraptor 安全漏洞

Velocidex Velociraptor is a tool developed by Velocidex Australia that uses the Velociraptor Query Language VQL to retrieve host-based status information. Versions of Velocidex Velociraptor prior to 0.76.5 contained a security vulnerability. This vulnerability stemmed from an authorization bypass...

7.7CVSS5.8AI score0.0001EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by