1005 matches found
EUVD-2026-41087
Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...
UBUNTU-CVE-2026-54369
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...
CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...
EUVD-2026-40085
acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...
CVE-2026-48772
A flaw was found in ProxySQL, a proxy for MySQL and its forks, as well as PostgreSQL. A remote attacker can exploit this vulnerability by sending a specially crafted PROXY protocol version 1 PP1 header with an 'UNKNOWN' protocol token. Despite the specification requiring these address fields to b...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. In affected versions, specially crafted Lua scripts executed in Redis can cause the heap-based Lua stack to overflow, due to incomplete checks for this condition. This can lead to heap corruption and potentially remote code...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. In Redis 7.0, before version 7.0.12, extracting key names from a command and a list of arguments could, in some cases, trigger a heap overflow, leading to the reading of random heap memory, heap corruption, and potentially remote code...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to read out-of-bounds data or cause the server to crash, resulting in a denial of service attack. This vulnerability exists in all...
PT-2026-49226
Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...
CVE-2026-53726
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...
EUVD-2026-36437
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...
PT-2026-48884
Name of the Vulnerable Software and Affected Versions WEOLL versions 2.0.9 through 3.2.45.32 Description An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists ACLs,...
CVE-2022-42479
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
EUVD-2022-56003
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
PT-2026-48633
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...
EUVD-2026-36133
Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/... endpoint with a ?filter= query string of a few thousand nested parentheses ≈ 4–12 KB drives the recursive-descent PEG parser past the worker thread's stack guard page. Rust responds...
CVE-2026-6274
Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...
CVE-2025-14361
Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...
CVE-2025-53302
Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...
CVE-2026-2254
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...