Lucene search
K

44 matches found

CVE
CVE
added 2026/05/06 2:15 a.m.24 views

CVE-2026-7573

Velocidex Velociraptor (GetUserRoles gRPC API) is affected in versions below 0.76.5, due to an authorization bypass (CWE-639) that allows any authenticated low-privilege user to retrieve the complete ACL policy (roles/permissions) for any user across all organizations by supplying specific Name a...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/06 2:15 a.m.41 views

CVE-2026-7573 GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

5CVSS0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

Velocidex Velociraptor 安全漏洞

Velocidex Velociraptor is a tool developed by Velocidex Australia that uses the Velociraptor Query Language VQL to retrieve host-based status information. Versions of Velocidex Velociraptor prior to 0.76.5 contained a security vulnerability. This vulnerability stemmed from an authorization bypass...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 3:52 p.m.6 views

CVE-2026-30783 RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Client signaling, API sync loop, config management modules allows Privilege Abuse. This vulnerability is associated with program files src/rendezvousmediator.Rs, src/hbbshttp/sync....

4.8CVSS5.8AI score0.00376EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 3:52 p.m.20 views

CVE-2026-30783

CVE-2026-30783 affects rustdesk-client across Windows, macOS, Linux, iOS, Android, and WebClient up to version 1.4.5. The issue is tied to client signaling, API sync loop, and config handling, specifically in src/rendezvous_mediator.Rs and src/hbbs_http/sync.Rs. Root cause details and exact explo...

9.8CVSS5.8AI score0.00376EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-0262

Malware in sbrugna...

7.5CVSS7.6AI score0.03464EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2560

Malware in sbrugna...

6.5CVSS6.5AI score0.01008EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-16313

Malicious code in bioql PyPI...

2.6CVSS6.5AI score0.00494EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2015

Malicious code in bioql PyPI...

3.4CVSS4.1AI score0.00493EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2141

Malicious code in bioql PyPI...

4.1CVSS4.6AI score0.00364EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/29 10:49 p.m.12 views

CVE-2025-2826

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to...

2.6CVSS6.8AI score0.00494EPSS
Exploits0References1
NVD
NVD
added 2025/05/27 11:15 p.m.24 views

CVE-2025-2826

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to...

2.6CVSS0.00494EPSS
Exploits0References1
CVE
CVE
added 2025/05/27 10:22 p.m.65 views

CVE-2025-2826

CVE-2025-2826 affects Arista EOS platforms where IPv4/ MAC / IPv6 ingress ACLs may not be enforced on one or more interfaces, leading to ingress packets being incorrectly allowed or denied. The Arista advisory notes the issue exists in EOS train 4.33.x, with fixed releases including 4.33.2.1F, 4....

2.6CVSS3.8AI score0.00494EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/27 10:22 p.m.10 views

CVE-2025-2826 n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to...

2.6CVSS6.8AI score0.00494EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:15 a.m.8 views

CVE-2023-3072

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

4.1CVSS6.7AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:10 a.m.22 views

BIT-VAULT-2021-43998

HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault...

6.5CVSS6.5AI score0.01008EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/07/20 12:30 a.m.18 views

Nomad ACL Policies without Label are Applied to Unexpected Resources

A vulnerability was identified in Nomad, an ACL policy using a block without label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11...

4.1CVSS6.7AI score0.00364EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/07/20 12:15 a.m.25 views

CVE-2023-3299

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

3.4CVSS3.7AI score0.00493EPSS
Exploits0References1
NVD
NVD
added 2023/07/20 12:15 a.m.26 views

CVE-2023-3072

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

4.1CVSS4.2AI score0.00364EPSS
Exploits0References1
Prion
Prion
added 2023/07/20 12:15 a.m.14 views

Denial of service

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...

4.7CVSS4.2AI score0.00364EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder