Lucene search
K

33101 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-55338

Name of the Vulnerable Software and Affected Versions Gardyn Home Kit and Studio devices affected versions not specified Description A hardcoded iothubowner key in the IoT Hub allows unauthenticated attackers to invoke the IoTHub Registry Manager function. This action exposes connection informati...

10CVSS6.2AI score0.00559EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-55260

Name of the Vulnerable Software and Affected Versions Flowmon ADS versions prior to 12.5.6 Flowmon ADS versions prior to 13.0.5 Description An authenticated low-privileged user in the Anomaly Detection System ADS can send specially crafted requests to gain unauthorized access to application data...

8.7CVSS5.9AI score0.00234EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 5 days ago5 views

Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5Affected Software1
NVD
NVD
added 5 days ago8 views

CVE-2026-56152

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS0.00324EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-56152 Incorrect Authorization in Elastic Defend Leading to Information Disclosure

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS0.00181EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-56152

Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago45 views

CVE-2026-56149

Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-58036 Users API leaks whether privileged users have their user groups disabled for lack of 2FA

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

2.1CVSS0.00239EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41001

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago3 views

CVE-2026-12374

Improper certificate validation and a time-of-check time-of-use TOCTOU race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago27 views

CVE-2026-12374

CVE-2026-12374 affects the macOS PrivilegedHelperTool in Cato Client prior to v5.13.1. The issue combines improper XPC caller certificate validation with a TOCTOU race, allowing a local authenticated attacker to escalate to root by using a self-signed certificate that bypasses XPC caller verifica...

7.3CVSS5.8AI score0.00055EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40779

Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Low...

5.8AI score0.00142EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40580

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00212EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-40548

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00238EPSS
Exploits0References3
Talos
Talos
added 5 days ago9 views

GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability

Summary A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execute priviledged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...

8.8CVSS5.9AI score0.00227EPSS
Exploits0
NVD
NVD
added 6 days ago6 views

CVE-2026-14092

Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Low...

4.3CVSS0.00142EPSS
Exploits0References2
NVD
NVD
added 6 days ago4 views

CVE-2026-13894

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00212EPSS
Exploits0References2
Rows per page
Query Builder