13 matches found

OSV
added 2026/05/13 9:32 p.m. | 3 views

GHSA-WFHV-MJ62-F5XH Grafana: Users can generate Service Account tokens after permissions removal

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

5.9 CVSS | 5.2 AI score | 0.00245 EPSS
Exploits: 0 | References: 4
CVE
added 2026/05/13 7:28 p.m. | 41 views

CVE-2026-33381

CVE-2026-33381 affects Grafana: when a user’s access to mint tokens for a service account is revoked, token minting can still succeed for a few seconds after the revocation. The issue is addressed in openSUSE advisory updates and upstream Grafana fixes, notably Grafana 11...

8.1 CVSS | 5.8 AI score | 0.00245 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2026/04/08 12:00 a.m. | 7 views

GitLab security vulnerability

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD (continuous integration and delivery). There is a security vulnerability in GitLab, which stems from improper...

2.7 CVSS | 5.9 AI score | 0.00348 EPSS
Exploits: 0 | References: 3
CNNVD
added 2026/04/01 12:00 a.m. | 4 views

File Browser security vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained security vulnerabilities. These vulnerabilities stemmed from...

9.8 CVSS | 6.2 AI score | 0.00654 EPSS
Exploits: 1 | References: 2
ATTACKERKB
added 2026/03/02 6:42 p.m. | 3 views

CVE-2026-0026

In removePermission of PermissionManagerServiceImpl.java, there is a possible way to override any system permission due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8 CVSS | 6.1 AI score | 0.00096 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/01/28 3:39 p.m. | 2 views

SUSE-SU-2026:0328-1 Security update for xen

This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 - CVE-2025-58149: Fixed incorrect removal of permissions on PCI...

8.8 CVSS | 6 AI score | 0.004 EPSS
Exploits: 0 | References: 7
OSV
added 2026/01/27 4:14 p.m. | 3 views

SUSE-SU-2026:0303-1 Security update for xen

This update for xen fixes the following issues: Security fixes: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 - CVE-2025-58149: Fixed incorrect removal of permissions on PCI...

9.8 CVSS | 6 AI score | 0.00435 EPSS
Exploits: 0 | References: 12
Tenable Nessus
added 2025/11/07 12:00 a.m. | 3 views

Fedora 41 : xen (2025-48dc1c8c79)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-48dc1c8c79 advisory. Incorrect removal of permissions on PCI device unplug XSA-476, CVE-2025-58149 ---- x86: Incorrect input sanitisation in Viridian hypercalls XSA-475,...

7.5 CVSS | 5.9 AI score | 0.004 EPSS
Exploits: 0 | References: 4
OSV
added 2024/12/16 7:14 a.m. | 5 views

BIT-MATTERMOST-2024-29221

Improper Access Control in Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 lacked proper access control in the /api/v4/users/me/teams endpoint allowing a team admin to get the invite ID of their team, thus allowing them to invite users,...

4.7 CVSS | 4.6 AI score | 0.00331 EPSS
Exploits: 0 | References: 2
OPENSUSE Linux
added 2022/05/27 12:00 a.m. | 55 views

Security update for seamonkey (important)

openSUSE Security Update: Security update for seamonkey Announcement ID: openSUSE-SU-2022:0150-1 Rating: important References: 1194735 Cross-References: CVE-2021-45417 CVSS scores: CVE-2021-45417 SUSE: 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 An update...

7 CVSS | 8.1 AI score | 0.00493 EPSS
Exploits: 1 | References: 1
OSV
added 2017/03/08 1:59 a.m. | 3 views

CVE-2017-0491

An elevation of privilege vulnerability in Package Manager could enable a local malicious application to prevent users from uninstalling applications or removing permissions from applications. This issue is rated as Moderate because it is a local bypass of user interaction requirements. Product:...

5.5 CVSS | 7.3 AI score | 0.00374 EPSS
Exploits: 0 | References: 4
myhack58
added 2013/11/28 12:00 a.m. | 17 views

iisspy and IIS 6.0 parsing fixes - vulnerability warning - the black bar safety net

IIS Spy: "%SystemRoot%/ServicePackFiles/i386/activeds.dll", "%SystemRoot%/system32/activeds.dll", "%SystemRoot%/system32/activeds.tlb". The USER group and the POWERS group are removed, leaving only the administrators and system permissions. IIS 6.0 analysis 1, can upload the directory to the IIS does n...

1.9 AI score
Exploits: 0
CERT
added 2003/11/05 12:00 a.m. | 25 views

Oracle command-line program buffer overflow in argument handling

Overview: A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description: The Oracle 9i Database Server package includes the oracle and oracleO command-line client programs to connect ...

4.6 CVSS | 7.3 AI score | 0.00855 EPSS
Exploits: 0 | References: 4