Lucene search
K

709 matches found

CVE
CVE
added yesterday6 views

CVE-2026-50391

Improper privilege management in Windows Group Policy allows an authorized attacker to elevate privileges locally...

7.8CVSS6AI score
Exploits0References1
NVD
NVD
added 2026/07/07 10:16 a.m.10 views

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS0.00501EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/07 9:12 a.m.38 views

CVE-2026-14476 Sssd: sssd: gpo cache path traversal via unsanitized gpcfilesyspath allows kerberos authentication bypass

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS0.00501EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 9:12 a.m.5 views

EUVD-2026-42023

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS5.9AI score0.00501EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 9:12 a.m.17 views

CVE-2026-14476

CVE-2026-14476 : A path traversal flaw in SSSD’s AD GPO provider (ad_gpo_extract_smb_components()) does not sanitize .. in gPCFileSysPath, enabling an attacker with AD GPO management access to write files outside the GPO cache directory as root. In default RHEL with SELinux enforcing, this can in...

8CVSS5.9AI score0.00501EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/07 9:12 a.m.5 views

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS5.9AI score0.00501EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-14476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP...

8CVSS6.1AI score0.00501EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 6:2 a.m.5 views

BIT-GITLAB-2026-5309 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:16 a.m.12 views

CVE-2026-5309

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS0.00171EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 4:34 a.m.113 views

CVE-2026-5309

GitLab EE fixed an authorization bypass (CVE-2026-5309) affecting all GitLab EE versions 18.6 before 18.11.6 , 19.0 before 19.0.3 , and 19.1 before 19.1.1 . Under certain conditions, an authenticated user could read or modify another group’s virtual registry cleanup policy settings without author...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.78 views

CVE-2026-5309

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:34 a.m.42 views

CVE-2026-5309 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS0.00171EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 4:34 a.m.6 views

EUVD-2026-39175

GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.10 views

GitLab 18.6 < 18.11.6 / 19.0 < 19.0.3 / 19.1 < 19.1.1 (CVE-2026-5309)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticate...

5.4CVSS5.9AI score0.00171EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:27 a.m.7 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:27 a.m.16 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.8CVSS6AI score0.12797EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/23 1:24 a.m.6 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:16 a.m.7 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:7 a.m.5 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:1 a.m.10 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
Rows per page
Query Builder