Lucene search
+L

981 matches found

OSV
OSV
added 2026/03/18 3:14 a.m.13 views

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

7.1CVSS6.3AI score0.00297EPSS
Exploits1References5
NVD
NVD
added 2026/03/17 8:16 p.m.12 views

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

8.3CVSS0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 10:54 a.m.35 views

CVE-2026-26929 Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

0.00406EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.10 views

PT-2026-25978

Name of the Vulnerable Software and Affected Versions Kube-router versions prior to 2.8.0 Description Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. This impacts multi-tenant clusters where untrusted user...

7.1CVSS6.9AI score0.09274EPSS
Exploits4References10
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.8 views

SUSE CVE-2026-31838

Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...

6.9CVSS5.8AI score0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/03/10 6:30 p.m.2 views

GHSA-GHC4-35X6-CRW5 Envoy has RBAC Header Validation Bypass via Multi-Value Header Concatenation

Summary The Envoy RBAC Role-Based Access Control filter contains a logic vulnerability in how it validates HTTP headers when multiple values are present for the same header name. Instead of validating each header value individually, Envoy concatenates all values into a single comma-separated...

7.5CVSS5.8AI score0.00293EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/10 2:12 a.m.10 views

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

8.8CVSS6.4AI score0.00276EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.6 views

Envoy 安全漏洞

Envoy is an open-source gateway program developed by Enphase for connecting smart home devices. There are security vulnerabilities in versions of Envoy prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13. These vulnerabilities stem from logical flaws in the role-based access control filter, which may...

8.2CVSS5.8AI score0.00293EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/09 8:11 p.m.41 views

CVE-2026-25045 Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role)

Budibase is a low code platform for creating internal tools, workflows, and admin panels. This issue is a combination of Vertical Privilege Escalation and IDOR Insecure Direct Object Reference due to missing server-side RBAC checks in the /api/global/users endpoints. A Creator-level user, who...

8.7CVSS0.00292EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/08 10:32 p.m.3 views

CVE-2026-3786 EasyCMS Request Parameter RbacuserAction.class.php sql injection

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

6.5CVSS5.6AI score0.00276EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/03/08 10:32 p.m.3 views

CVE-2026-3785

A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument order leads to sql injection. The attack can be initiated remotely. The exploit is...

6.5CVSS6.4AI score0.00276EPSS
Exploits1References4
CVE
CVE
added 2026/03/08 10:32 p.m.20 views

CVE-2026-3785

CVE-2026-3785 affects EasyCMS up to 1.6. The vulnerability is in an unknown function in /RbacnodeAction.class.php (Request Parameter Handler); manipulating the _order argument triggers remote SQL injection. An exploit is publicly available. Remediation guidance from connected sources suggests res...

8.8CVSS6.4AI score0.00276EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.4 views

openSUSE 16 Security Update : kubevirt (openSUSE-SU-2026:20281-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20281-1 advisory. Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status...

8.5CVSS7.3AI score0.00513EPSS
Exploits6References25
Wolfi
Wolfi
added 2026/03/03 7:48 a.m.7 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: telegraf, pulumi, crossplane-provider-aws-kms, harbor, azure-service-operator, datadog-agent, crossplane-provider-aws-cloudfront, crossplane-provider-aws-elasticache, traefik, cloud-sql-proxy, cluster-api-azure-controller, opentelemetry-collector, cilium-cli,...

7.5CVSS7.3AI score0.00501EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.10 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: gitlab-runner, polaris, tigera-operator-fips, kyverno-policy-reporter, kube-vip-fips, omnictl-multiarch-fips, apache-beam-java-sdk, crossplane-provider-aws-ecs, harbor-fips, grafana-alloy-fips, nemo, cert-manager-webhook-pdns-fips, pulumi-language-yaml,...

7.5CVSS7.3AI score0.00501EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.6 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: gitlab-runner, polaris, tigera-operator-fips, kyverno-policy-reporter, kube-vip-fips, omnictl-multiarch-fips, apache-beam-java-sdk, crossplane-provider-aws-ecs, harbor-fips, grafana-alloy-fips, nemo, cert-manager-webhook-pdns-fips, pulumi-language-yaml,...

5.3AI score
Exploits0
OSV
OSV
added 2026/02/27 8:51 a.m.4 views

OPENSUSE-SU-2026:20281-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...

8.5CVSS6AI score0.00513EPSS
Exploits6References17
OSV
OSV
added 2026/02/27 8:49 a.m.2 views

SUSE-SU-2026:20571-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...

8.5CVSS6.8AI score0.00513EPSS
Exploits6References18
OSV
OSV
added 2026/02/27 8:49 a.m.4 views

SUSE-SU-2026:20551-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...

8.5CVSS6AI score0.00513EPSS
Exploits6References18
CVE
CVE
added 2026/02/25 1:47 a.m.14 views

CVE-2026-24896

OpenEMR prior to version 8.0.0 contains a Broken Access Control vulnerability in the edih_main.php endpoint. An authenticated user, including low-privilege roles (e.g., Receptionist), can access EDI log files by manipulating the log_select parameter in a GET request. The backend does not enforce ...

6.5CVSS5.4AI score0.0026EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder