Lucene search
K

3973 matches found

Nuclei
Nuclei
added 7 hours ago167 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
NVD
NVD
added yesterday3 views

CVE-2026-57364

Improper Validation of Specified Quantity in Input vulnerability in WPDeveloper Better Payment – Instant Payments, Donations, Fundraising with Subscriptions & More better-payment allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Better Payment – Instant Payments,...

6.5CVSS0.00351EPSS
Exploits0References1
Fedora
Fedora
added yesterday7 views

[SECURITY] Fedora 43 Update: acl-2.4.0-1.fc43

This package contains the getfacl and setfacl utilities needed for manipulating access control lists...

8.4CVSS6.1AI score0.00142EPSS
Exploits0
CVE
CVE
added 2 days ago19 views

CVE-2026-59260

OpenWrt luci-app-samba4 contains an ACL misconfiguration that grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments, enabling remote code execution via the SMB processing path. The vulnera...

8.8CVSS6.3AI score0.00714EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-59260 OpenWrt luci-app-samba4 read ACL remote code execution via smbd

OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attackers can pass arbitrary Samba global options such as message command to a root smbd process,...

8.8CVSS0.00714EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago10 views

PT-2026-57557

Name of the Vulnerable Software and Affected Versions luci-app-samba4 affected versions not specified Description An issue in the read Access Control List ACL grants file.exec permission on /usr/sbin/smbd. This allows authenticated delegated users to execute the Samba daemon with command-line...

8.8CVSS6.3AI score0.00714EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-57481 Parse Server: LiveQuery discloses object data to a subscriber across an ACL read-access change

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.13 and 8.6.83, a LiveQuery subscriber could receive object field values they were not authorized to read when a single save changed both an object field and the subscriber'...

2.3CVSS0.00386EPSS
Exploits0References7
CVE
CVE
added 6 days ago8 views

CVE-2026-57481

Parse Server LiveQuery vulnerability: a subscriber could receive object field values the reader is not authorized to read when a single save changed both the object field and the subscriber’s ACL read access, due to leave/enter events using the wrong object state. Affected versions before 9.9.1-a...

2.3CVSS6AI score0.00386EPSS
Exploits0References7
CVE
CVE
added 6 days ago13 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/07 11:1 a.m.32 views

CVE-2026-11340 Authorization Bypass in HAVELSAN's Open Source Project Liman MYS

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS0.00195EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:51 a.m.4 views

ROOT-OS-DEBIAN-12-CVE-2026-54369 CVE-2026-54369 in rootio-acl - Patched by Root

Root has patched CVE-2026-54369 in the rootio-acl package for Root:Debian:12. Multiple fixed versions available...

8.4CVSS5.9AI score0.00142EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/02 12:28 p.m.37 views

CVE-2026-58652 luci-app-travelmate - Arbitrary Command Execution via UCI Script Parameter

luci-app-travelmate and the travelmate package contain a privilege-escalation flaw: a LuCI/rpcd session holding the luci-app-travelmate write ACL is granted config-wide UCI write access to the travelmate configuration. While the LuCI UI restricts the auto-login script picker to...

7.7CVSS0.00482EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 5:20 a.m.4 views

ROOT-OS-DEBIAN-13-CVE-2026-54369 CVE-2026-54369 in rootio-acl - Patched by Root

Root has patched CVE-2026-54369 in the rootio-acl package for Root:Debian:13. Multiple fixed versions available...

8.4CVSS5.8AI score0.00142EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 11:58 a.m.8 views

EUVD-2026-40951

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...

7.1CVSS5.8AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:58 a.m.23 views

CVE-2026-53905

CVE-2026-53905 affects MCO, with confirmation in version 25.3.3.1. The issue is an insufficient authorization enforcement in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint, allowing an authenticated, low-privileged user to retrieve administrator access contr...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References2Affected Software1
CBLMariner
CBLMariner
added 2026/07/01 2:6 a.m.7 views

CVE-2026-54371 affecting package acl for versions less than 2.4.0-1

CVE-2026-54371 affecting package acl for versions less than 2.4.0-1. An upgraded version of the package is available that resolves this issue...

8.4CVSS5.7AI score0.00136EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and...

8.4CVSS6AI score0.00142EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54370

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by...

7.2CVSS6.1AI score0.00091EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 2:16 p.m.5 views

UBUNTU-CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/29 1:0 p.m.10 views

Symlink Attack

Overview acl is a None Affected versions of this package are vulnerable to Symlink Attack. via the libacl functions. An attacker can gain unauthorized access to or modify access control lists by replacing a pathname component with a symbolic link, redirecting ACL read or write operations to...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References2
Rows per page
Query Builder