Lucene search
K

108 matches found

EUVD
EUVD
added 10 hours ago3 views

EUVD-2026-44596

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...

7.7CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 10 hours ago9 views

CVE-2026-14251

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collisio...

7.7CVSS6AI score
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43500

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score0.0036EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-59245 Apache Airflow FAB provider: FAB auth manager: a DAG named "DAGs" hijacks the global all-DAGs permission (access_control privilege escalation via resource_name() collision)

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score0.0036EPSS
Exploits0References6
CVE
CVE
added 2 days ago18 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score0.0036EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.6 views

Devolutions Remote Desktop Manager 2026.2.5 < 2026.2.12 Code Execution (DEVO-2026-0021)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2026.2.5 through 2026.2.11. It is, therefore, affected by a code execution vulnerability: - Incorrect link resolution by display name in the custom PowerShell VPN editor allows an authenticated attacker with write...

7.2CVSS6.5AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 7:16 p.m.8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 6:22 p.m.37 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52892

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...

7.2CVSS5.9AI score0.00278EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/15 5:27 p.m.9 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant...

6.9CVSS5.6AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 1:35 p.m.11 views

OESA-2026-2500 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/22 1:21 p.m.10 views

OESA-2026-2432 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References2
OSV
OSV
added 2026/05/21 10:26 a.m.8 views

CLSA-2026-1779359157 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: Denial of service via quadratic attribute-name collision check in libexpat before 2.8.1 - debian/patches/CVE-2026-45186.patch: introduce per-element defaultAttsNames hash table and use it for O1 attribute collision detection in defineAttribute - CVE-2026-45186...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:49 a.m.10 views

CLSA-2026-1779184141 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:46 a.m.18 views

CLSA-2026-1779183996 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:42 a.m.20 views

CLSA-2026-1779183767 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 9:38 a.m.9 views

CLSA-2026-1779183482 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: denial of service via On^2 attribute name collision check with moderately sized crafted XML input - debian/patches/CVE-2026-45186.patch: replace linear scan in defineAttribute with O1 hash table lookup using new ELEMENTTYPE.defaultAttsNames field in expat/lib/xmlparse.c -...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:53 p.m.20 views

CLSA-2026-1779130424 expat: Fix of CVE-2026-45186

CVE-2026-45186: fix quadratic complexity in attribute name collision check...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:36 p.m.8 views

CLSA-2026-1779129362 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:33 p.m.9 views

CLSA-2026-1779129222 Fix CVE(s): CVE-2026-45186

SECURITY UPDATE: fix quadratic complexity in attribute name collision check - debian/patches/CVE-2026-45186.patch: fix quadratic complexity in attribute name collision check - CVE-2026-45186...

7.5CVSS5.7AI score0.00428EPSS
Exploits1References1
Rows per page
Query Builder