Lucene search
+L

575 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-55548

Yamcs is a mission control framework. Prior to 5.12.8 and 5.13.2, the PacketsApi.exportPackets endpoint in yamcs-core/src/main/java/org/yamcs/http/api/PacketsApi.java failed to enforce object-level ReadPacket privileges when a request omitted specific packet names: with an empty name list the...

4.3CVSS6.1AI score0.00214EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-36425

An issue in OPSWAT AppRemover Driver ardrv.sys v2017.10.02.1551 and earlier in IOCTL handler 0x2420031. Any local user can open the device and send process termination requests without privilege validation...

0.00281EPSS
Exploits1References4
NVD
NVD
added 3 days ago6 views

CVE-2026-56742

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...

8.9CVSS0.002EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 10:27 p.m.8 views

EUVD-2026-42748

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 8:22 p.m.3 views

CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6.1AI score0.00119EPSS
Exploits0References11
OSV
OSV
added 2026/07/02 7:2 a.m.3 views

OPENSUSE-SU-2026:21205-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260279. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

9.6CVSS6.6AI score0.08123EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.23 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.7 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 11:22 a.m.8 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.4 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 7:8 a.m.5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.4 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

RockyLinux 10 : firefox (RLSA-2026:27733)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

9.6CVSS6AI score0.00476EPSS
Exploits0References59
OSV
OSV
added 2026/06/23 1:13 p.m.2 views

SUSE-SU-2026:2579-1 Security update for docker-stable

This update for docker-stable fixes the following issues: - CVE-2026-33997: Fixed privilege validation bypass during plugin bsc1265907. - CVE-2026-34040: Fixed Authz zero length regression bsc1265929...

8.8CVSS6.1AI score0.08123EPSS
Exploits1References5
OSV
OSV
added 2026/06/23 1:12 p.m.2 views

SUSE-SU-2026:2578-1 Security update for docker-stable

This update for docker-stable fixes the following issues - CVE-2026-33747: github.com/moby/buildkit: malicious frontends can craft API messages that cause files to be written outside of the BuildKit state directory bsc1260967. - CVE-2026-33748: github.com/moby/buildkit: insufficient validation of...

9.8CVSS5.8AI score0.08123EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.10 views

CVE-2026-44173

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References5
CVE
CVE
added 2026/06/11 9:22 p.m.25 views

CVE-2026-45174

The vulnerability CVE-2026-45174 affects Idira Endpoint Privilege Manager Linux Agent prior to version 26.5. A local attacker could potentially bypass the agent daemon initialization process, enabling compromise of the daemon initialization sequence. Affected component: Idira EPM Linux Agent; roo...

8.5CVSS5.5AI score0.00126EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/10 11:13 p.m.1 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS6.1AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/10 10:32 p.m.1 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS6.1AI score0.00399EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.17 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00247EPSS
Exploits0References1
Rows per page
Query Builder