Lucene search
K

507 matches found

Nuclei
Nuclei
added 8 hours ago167 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
CVE
CVE
added 5 days ago13 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 1:21 p.m.8 views

EUVD-2026-38789

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS5.9AI score0.00331EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 1:21 p.m.43 views

CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS0.00331EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:41 p.m.5 views

CVE-2026-54019

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus multitenancy mode is enabled. The ACL allows unknown non-KB collection names as...

6.5CVSS5.8AI score0.00281EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/19 8:16 p.m.26 views

CVE-2026-48772

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 7:28 p.m.38 views

CVE-2026-48772

ProxySQL (versions 2.0.0–3.0.8) is vulnerable to a PROXY protocol v1 UNKNOWN frame bypass. The frontend accepts the PROXY UNKNOWN header and, despite the spec requiring ignoring the address fields, ProxySQL parses them via sscanf and writes a spoofed source address into the session, feeding i...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 5:57 p.m.6 views

GHSA-P5CP-R7RG-QPXC Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode

RAG ACL Bypass in Milvus Multitenancy Mode Summary This is a bypass of the fix for: - GHSA-h36f-rqpx-j5wx - CVE-2026-44560 - "Unauthorized File and Knowledge Base Content Access via RAG Vector Search" Open WebUI added collection-level ACL checks, but the patch can still be bypassed when Milvus...

6.5CVSS5.7AI score0.00366EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50591

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An issue exists in the self-hosted artificial intelligence platform where collection-level Access Control List ACL checks can be bypassed when Milvus multitenancy mode is enabled. The ACL permits...

6.5CVSS5.9AI score0.00281EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : perl-Net-CIDR-Lite (SUSE-SU-2026:2113-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2113-1 advisory. This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailin...

7.5CVSS5.7AI score0.00311EPSS
Exploits0References12
OSV
OSV
added 2026/06/04 7:28 p.m.9 views

GHSA-V39M-97P8-GQG7 Shopware: Privilege escalation: non-admin user with user:create ACL can create admin accounts

UserController::upsertUser writes user data in SYSTEMSCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

6.5CVSS5.8AI score0.00034EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/05/29 3:24 p.m.11 views

Security update for perl-Net-CIDR-Lite

This update for perl-Net-CIDR-Lite fixes the following issues CVE-2026-45190: improper validation of trailing newlines or non-ASCII digits can lead to IP ACL bypass bsc1264710. CVE-2026-45191: extraneous leading zeros in CIDR mask values can lead to IP ACL bypass bsc1264709. CVE-2026-40198: missi...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References14
OSV
OSV
added 2026/05/29 3:24 p.m.4 views

SUSE-SU-2026:2113-1 Security update for perl-Net-CIDR-Lite

This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailing newlines or non-ASCII digits can lead to IP ACL bypass bsc1264710. - CVE-2026-45191: extraneous leading zeros in CIDR mask values can lead to IP ACL bypass bsc1264709. - CVE-2026-40198:...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/29 1:3 p.m.14 views

EUVD-2026-33305

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS6AI score0.00455EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:46 a.m.7 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.20 views

NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

Summary The OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

2CVSS5.8AI score0.00151EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41994

Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An unauthenticated remote attacker can read arbitrary image files from the disk that the PHP user has permission to open. This includes private user-profile photos protected by Access Control Lists...

6.9CVSS6AI score0.00455EPSS
Exploits1References5
Mageia
Mageia
added 2026/05/14 2:43 a.m.15 views

Updated perl-Net-CIDR-Lite packages fix security vulnerabilities

Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. CVE-2026-45190 Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/11 2:13 p.m.16 views

SUSE CVE-2026-45191

Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validation and parse to the same prefix as their unpadded value. See also CVE-2026-45190...

7.5CVSS5.8AI score0.003EPSS
Exploits0References5
Rows per page
Query Builder