Lucene search
K

772 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Devolutions Server 2026.2.4 <= 2026.2.7 Credential Exposure (DEVO-2026-0020)

The version of Devolutions Server installed on the remote host is 2026.2.4 through 2026.2.7. It is, therefore, affected by a vulnerability: - Improper input validation in the PAM AD discovery endpoints allows an authenticated user with the UserGroupsView permission to coerce server-side...

2.7CVSS6AI score0.00216EPSS
Exploits0References2
Fedora
Fedora
added 2026/07/02 1:11 a.m.7 views

[SECURITY] Fedora 44 Update: opkssh-0.14.0-3.fc44

OpenPubkey SSH is a tool which enables ssh to be used with OpenID Connect allowing SSH access to be managed via identities like aliceaexample.com ins tead of long-lived SSH keys...

9.1CVSS5.8AI score0.00533EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 7:59 p.m.43 views

CVE-2026-55189 RustFS: FTP frontend skips IAM authorization on object reads

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...

7.7CVSS0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52966

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/10 1:37 p.m.6 views

Incorrect Comparison

Overview @hulumi/policies is a Pulumi CrossGuard policy packs for AWS, GitHub, Kubernetes, Cloudflare, and deployment governance. Includes HulumiHardeningPack, HulumiAwsOrgHardeningPack, state/backend/primitive/detection rules, GitHub packs, EKS packs, and platform governance. SLSA Bui Affected...

8.3CVSS5.8AI score0.0004EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 12:4 p.m.10 views

EUVD-2026-34249

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.15 views

Devolutions Server < 2026.1.20 Multiple Vulnerabilities (DEVO-2026-0014)

The version of Devolutions Server installed on the remote host is prior to 2026.1.20. It is, therefore, affected by multiple vulnerabilities, including: - Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without...

5.4CVSS5.6AI score0.00184EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 6:5 p.m.13 views

EUVD-2026-33998

Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform unauthorized internal network requests by creating FHIR Subscription resources with arbitrary endpoint URLs. Attackers can point subscription endpoints ...

8.5CVSS6AI score0.00229EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 4:16 p.m.20 views

CVE-2026-9522

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.4CVSS0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 2:8 p.m.17 views

CVE-2026-9522

Summary (CVE-2026-9522): Improper access control in the PAM account discovery feature of Devolutions Server 2026.1.19 and earlier enables an authenticated user without administrative privileges to delete network discovery scan configurations. Affected product is Devolutions Server (version line n...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45789

Improper access control in the PAM account discovery feature in Devolutions Server 2026.1.19 and earlier allows an authenticated user without administrative privileges to delete network discovery scan configurations...

5.8AI score0.00138EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/29 2:31 p.m.102 views

Exploit for CVE-2026-44595

CVE-2026-44595 — YAMCS Unauthorized User Enumeration via IAM A...

5.8AI score0.00028EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2026/05/27 3:40 p.m.9 views

CVE-2026-44327 free5GC: NEF nnef-oam route group is unauthenticated; no-token requests reach the OAM handler

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can hit the OAM route with no Authorization header at all and the handl...

10CVSS5.8AI score0.00311EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/27 12:3 a.m.7 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the IAM API endpoints, including listUsers, getUser, listGroups, and getGroup. An attacker can retrieve sensitive user information, such as usernames, superuser status, and group memberships, by sending...

5.3CVSS5.5AI score0.00028EPSS
Exploits2References2
NVD
NVD
added 2026/05/22 4:16 p.m.14 views

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

7.1CVSS0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 p.m.18 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

7.5CVSS0.00346EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:30 p.m.10 views

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

7.1CVSS5.8AI score0.00176EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 p.m.14 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References2
CVE
CVE
added 2026/05/22 2:31 p.m.24 views

CVE-2022-31231

CVE-2022-31231 affects Dell ECS (Dell EMC Elastic Cloud Storage) versions 3.5 and 3.6. The IAM module has an ImpropER Access Control vulnerability, enabling a remote unauthenticated attacker to obtain read access to unauthorized data . The root cause is improper access control within IAM, leading...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/22 2:31 p.m.8 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

5.9CVSS0.00346EPSS
Exploits0References1
Rows per page
Query Builder