Lucene search
K

1064 matches found

Cvelist
Cvelist
added 2026/07/03 12:25 p.m.31 views

CVE-2026-41123

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged...

4.3CVSS0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 12:25 p.m.5 views

CVE-2026-41123

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper access control vulnerability in the RBAC. A low privileged...

4.3CVSS6AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.8 views

CVE-2026-59093

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS0.00285EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:40 p.m.7 views

EUVD-2026-41424

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers POST /authz/users/id/assign and /authz/groups/id/assign authorize only that the caller may assign role...

8.8CVSS5.8AI score0.00285EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 8:51 p.m.2 views

GHSA-4J6X-2764-M8GH Rancher has over-inclusive team membership expansion in GitHub App authentication provider

Impact A vulnerability has been identified within Rancher Manager in the GitHub App authentication provider. When evaluating permissions, the provider incorrectly expands user team memberships to include all teams within the associated GitHub organization, rather than restricting access to the...

8.8CVSS5.7AI score0.0037EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.23 views

CVE-2026-56247 Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 6:20 p.m.18 views

EUVD-2026-36102

Fission: Environment Runtime.Container and Builder.Container SecurityContext bypass allows privileged pod creation...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 3:58 p.m.6 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.10.1 release

Red Hat OpenShift distributed tracing platform Tempo 3.10.1 has been released This release of the Red Hat OpenShift distributed tracing platform Tempo provides security improvements and bug fixes. Breaking changes: None Deprecations: None Technology Preview features: None Enhancements: None Bug...

5.3CVSS6AI score0.0037EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.2 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.13 views

CVE-2026-44169

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/19 1:9 p.m.33 views

CVE-2026-44046 Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issue affects Apache APISIX: from 1.2.0 through...

2.3CVSS0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/06/16 1:45 p.m.5 views

USN-8433-1 keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.7AI score0.00446EPSS
Exploits6References8
OSV
OSV
added 2026/06/16 11:50 a.m.6 views

BIT-MYSQL-CLIENT-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0References3
OSV
OSV
added 2026/06/16 11:46 a.m.8 views

BIT-MARIADB-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.3AI score0.00161EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.15 views

openSUSE 16 Security Update : mariadb (openSUSE-SU-2026:20933-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20933-1 advisory. This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. -...

10CVSS6.8AI score0.00998EPSS
Exploits1References36
Vulnrichment
Vulnrichment
added 2026/06/12 5:31 p.m.15 views

CVE-2026-44169 MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 5:31 p.m.42 views

CVE-2026-44169

CVE-2026-44169 affects MariaDB server (community forks). Issue: authorization bypass in role-based routine-level privilege check can let a user with EXECUTE on a stored routine view the routine definition without SHOW CREATE ROUTINE privilege. Affected versions: 11.4.1–11.4.10, 11.8.1–11.8.6, and...

4.3CVSS5.2AI score0.00161EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/12 5:31 p.m.10 views

CVE-2026-44169

MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been...

4.3CVSS5.2AI score0.00161EPSS
Exploits0
NVD
NVD
added 2026/06/12 4:16 p.m.12 views

CVE-2026-45831

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions...

8.8CVSS0.00237EPSS
Exploits0References1
Rows per page
Query Builder