Lucene search
+L

3324 matches found

euvd
euvd
added 2026/06/08 6:26 p.m.13 views

EUVD-2026-35184

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/08 6:26 p.m.36 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

0.00196EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/08 6:26 p.m.7 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/08 3:6 p.m.18 views

CLEANSTART-2026-YG71543 Security fixes for CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34040, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-41602, CVE-2026-41889, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-44503, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-7j59-v9qr-6fq9, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.21.4-r0, 1.21.4-r1, 1.21.4-r2, 1.21.4-r3, 1.21.4-r4, 1.21.4-r5

Multiple security vulnerabilities affect the vault package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS7.1AI score0.08123EPSS
Exploits3References101
osv
osv
added 2026/06/08 12:27 p.m.16 views

CLEANSTART-2026-CN27900 Security fixes for CVE-2025-63811, CVE-2026-1229, CVE-2026-24051, CVE-2026-25680, CVE-2026-25681, CVE-2026-26958, CVE-2026-27136, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-32952, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-33816, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39821, CVE-2026-39823, CVE-2026-39824, CVE-2026-39825, CVE-2026-39826, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-39836, CVE-2026-39883, CVE-2026-41602, CVE-2026-41889, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42504, CVE-2026-42506, CVE-2026-42507, CVE-2026-42508, CVE-2026-44503, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598, ghsa-78h2-9frx-2jm8, ghsa-7j59-v9qr-6fq9, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-pjcq-xvwq-hhpj, ghsa-wf45-q9ch-q8gh, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.20.4-r0, 1.20.4-r1, 1.20.4-r2, 1.20.4-r3, 1.20.4-r4, 1.20.4-r5, 1.20.4-r6, 1.21.4-r0

Multiple security vulnerabilities affect the vault package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.01163EPSS
Exploits3References114
ptsecurity
ptsecurity
added 2026/06/08 12:0 a.m.15 views

PT-2026-47429

Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.4.0 Devolutions Server versions prior to 2026.1.20.0 Description Improper neutralization of special elements in the built-in PAM Privileged Access Management provider password rotation templates allows an...

6.5CVSS5.7AI score0.00196EPSS
Exploits0References5
veeam
veeam
added 2026/06/08 12:0 a.m.17 views

Guidance for Veeam Data Cloud Customers in Middle East Regions

Summary Veeam is monitoring risks that may affect cloud infrastructure in the Middle East regions, including the UAE, Qatar, and Israel. Customers using Veeam Data Cloud services in these regions should review their data resilience requirements and consider whether additional geographic separatio...

5.5AI score
Exploits0
redhatcve
redhatcve
added 2026/06/07 12:43 a.m.14 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00478EPSS
Exploits0References1
snyk
snyk
added 2026/06/06 9:0 p.m.17 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
snyk
snyk
added 2026/06/06 9:0 p.m.15 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
snyk
snyk
added 2026/06/06 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
susecve
susecve
added 2026/06/06 3:25 a.m.5 views

SUSE CVE-2025-6004

Vault and Vault Enterprise's “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

5.3CVSS5.8AI score0.00394EPSS
Exploits0References3
nvd
nvd
added 2026/06/05 8:17 p.m.12 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS0.00548EPSS
Exploits0References1
euvd
euvd
added 2026/06/05 7:54 p.m.13 views

EUVD-2026-34913

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/05 7:54 p.m.40 views

CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS0.00548EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/05 7:54 p.m.10 views

CVE-2026-11419

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References2
cve
cve
added 2026/06/05 7:54 p.m.39 views

CVE-2026-11419

The vulnerability CVE-2026-11419 affects Altium Enterprise Server Vault Service UploadController. A path traversal flaw arises from improper validation of a user-controlled path in image upload requests, allowing an authenticated user to craft absolute paths that bypass the configured storage roo...

9.4CVSS6AI score0.00548EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/06/05 7:54 p.m.8 views

CVE-2026-11419 Path Traversal in Altium Enterprise Server Vault UploadController Allows Arbitrary File Write

A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated user can supply a crafted absolute path so that the configured storage root is discarded,...

9.4CVSS6AI score0.00548EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:48 p.m.9 views

CVE-2026-9246

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 throug...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:47 p.m.11 views

CVE-2026-9248

Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : Devolutions Server 2026.1.6.0...

2.6CVSS5.5AI score0.00129EPSS
Exploits0References1
Rows per page
Query Builder