Lucene search
K

43 matches found

EUVD
EUVD
added 2025/10/23 3:39 a.m.5 views

EUVD-2025-35647

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

5.5CVSS6.5AI score0.00114EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/23 3:39 a.m.8 views

CVE-2025-48430

Uncaught Exception CWE-248 in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to vEL9.10.3672 MR7, 9.00 prior to...

5.5CVSS0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/23 3:38 a.m.7 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

5.5CVSS0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/23 3:38 a.m.3 views

CVE-2025-41402

Client-Side Enforcement of Server-Side Security CWE-602 in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 MR2, 9.20 prior to vEL9.20.2819 MR4, 9.10 prior to...

5.5CVSS6.5AI score0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/23 3:37 a.m.6 views

CVE-2025-35981

Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...

5.5CVSS6.4AI score0.00123EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/23 3:37 a.m.16 views

CVE-2025-35981

Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...

5.5CVSS0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/23 3:37 a.m.7 views

EUVD-2025-35651

Exposure of Private Personal Information to an Unauthorized Actor CWE-359 in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they would not normally have permissions to view. This issue affects Command Centre Server: 9.30.1874 MR1, 9.20.2337...

5.5CVSS6.3AI score0.00123EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.4 views

Gallagher Command Centre Server 安全漏洞

Gallagher Command Centre Server is a management system for monitoring and managing infrastructure in buildings from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre Server versions 9.30.1874, 9.20.2337, and 9.10.3194, which stems from a privileged operator being...

5.5CVSS6.5AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.9 views

Gallagher Command Centre Server 安全漏洞

Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings. A security vulnerability exists in Gallagher Command Centre Server that stems from improper enforcement of server-side security mechanisms on the client side,...

5.5CVSS6.5AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.4 views

Gallagher Command Centre Server 安全漏洞

Gallagher Command Centre Server is a management system for monitoring and managing infrastructure in buildings from Gallagher New Zealand. A security vulnerability exists in Gallagher Command Centre Server that stems from an uncaught exception that could cause an authorized privileged operator to...

5.5CVSS6.7AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3134

Malicious code in bioql PyPI...

7.2CVSS7.5AI score0.00528EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/08/12 11:36 p.m.4 views

SUSE CVE-2025-5999

A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

7.2CVSS7.1AI score0.00487EPSS
Exploits0References3
OSV
OSV
added 2025/08/11 5:59 p.m.4 views

GO-2025-3858 Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao

Privileged OpenBao Operator May Execute Code on the Underlying Host in github.com/openbao/openbao. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

9.1CVSS7.1AI score0.00867EPSS
Exploits0References7
Snyk
Snyk
added 2025/08/09 2:41 a.m.7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the audit subsystem when manipulating log prefixes. An attacker can execute unauthorized code and gain network access by bypassing intended restrictions on privileged API operators. Note: This is exploitable...

9.4CVSS7.8AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2025/08/01 6:31 p.m.2 views

GHSA-MR4H-QF9J-F665 Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS6.6AI score0.00867EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/08/01 6:31 p.m.11 views

Hashicorp Vault has Code Execution Vulnerability via Plugin Configuration

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS7.5AI score0.00867EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/01 5:40 p.m.5 views

CVE-2025-6000 Arbitrary Remote Code Execution via Plugin Catalog Abuse

A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code execution on the underlying host if a plugin directory is set in Vault’s configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

9.1CVSS7.7AI score0.00867EPSS
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/08/01 5:8 p.m.6 views

Vault Root Namespace Operator May Elevate Token Privileges

Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. This vulnerability, identified as CVE-2025-5999, is fixed in Vault Community Edition 1.20.0 and Vault Enterprise...

7.2CVSS7AI score0.00487EPSS
Exploits0Affected Software1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/10/10 8:37 p.m.7 views

Vault Operators in Root Namespace May Elevate Their Privileges

Summary A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. This vulnerability, identified as CVE-2024-9180, is fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18....

7.2CVSS7AI score0.00528EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/10 12:0 a.m.8 views

PT-2024-7690 · Hashicorp +3 · Hashicorp Vault +4

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.18.0 HashiCorp Vault Enterprise versions prior to 1.18.0, 1.17.7, 1.16.11, and 1.15.16 Description: A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalat...

9.9CVSS6.5AI score0.97781EPSS
Exploits21References158
Rows per page
Query Builder