Lucene search
K

3961 matches found

Vulnrichment
Vulnrichment
added 2026/06/02 8:56 a.m.11 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

5.8AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:56 a.m.11 views

EUVD-2026-33904

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 8:56 a.m.242 views

CVE-2026-41115

Summary: CVE-2026-41115 describes an improper authorization issue in Apache Kafka related to the CONSUMER_GROUP_DESCRIBE API. The vulnerability discussion notes a discrepancy between ACLs and documented permissions, but states that the correct permission for the API is DESCRIBE GROUP and that the...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45773

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/get quotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.12 views

RockyLinux 9 : kernel (RLSA-2026:21556)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setti...

9.4CVSS6.2AI score0.00514EPSS
Exploits0References39
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.11 views

RockyLinux 8 : kernel-rt (RLSA-2026:21745)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21745 advisory. kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

9.4CVSS6AI score0.00514EPSS
Exploits0References37
SUSE Linux
SUSE Linux
added 2026/05/29 3:24 p.m.11 views

Security update for perl-Net-CIDR-Lite

This update for perl-Net-CIDR-Lite fixes the following issues CVE-2026-45190: improper validation of trailing newlines or non-ASCII digits can lead to IP ACL bypass bsc1264710. CVE-2026-45191: extraneous leading zeros in CIDR mask values can lead to IP ACL bypass bsc1264709. CVE-2026-40198: missi...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References14
OSV
OSV
added 2026/05/29 3:24 p.m.4 views

SUSE-SU-2026:2113-1 Security update for perl-Net-CIDR-Lite

This update for perl-Net-CIDR-Lite fixes the following issues - CVE-2026-45190: improper validation of trailing newlines or non-ASCII digits can lead to IP ACL bypass bsc1264710. - CVE-2026-45191: extraneous leading zeros in CIDR mask values can lead to IP ACL bypass bsc1264709. - CVE-2026-40198:...

7.5CVSS5.8AI score0.00311EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/29 1:3 p.m.14 views

EUVD-2026-33305

WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private user-profile photos that the application's normal serving wrappers gate behind ACLs, admin-uploaded...

6.9CVSS6AI score0.00455EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/28 7:42 p.m.14 views

CVE-2026-46139

A flaw was found in the Linux kernel's Server Message Block SMB client. When building an Access Control List ACL descriptor, a buffer was not properly zero-initialized, leaving a reserved field with uninitialized heap data. This can lead to Samba rejecting the security descriptor, causing chmod...

7CVSS6AI score0.00122EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 6:8 p.m.7 views

GHSA-Q537-QHJ4-WCJX OpenCTI: Privilege escalation via graphQL API is abusable by organization admins, due to incorrect ACL on userEdit relationAdd

Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. Impact Full platform access, access to sensitive or proprietary information...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/28 1:35 p.m.16 views

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/28 1:35 p.m.27 views

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.6AI score0.00675EPSS
Exploits0References19
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46186 Bluetooth: virtio_bt: validate rx pkt_type header length

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: validate rx pkttype header length virtbtrxhandle reads the leading pkttype byte from the RX skb and forwards the remainder to hcirecvframe for every event/ACL/SCO/ISO type, without checking that the remaining...

0.00123EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.31 views

CVE-2026-46139 smb: client: use kzalloc to zero-initialize security descriptor buffer

In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d "smb: common: change the data type of numaces to le16" split struct smbacl's le32 numaces field into le16 numaces and le16 reserved. The...

0.00122EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2026/05/28 12:0 a.m.21 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr CVE-2025-68183...

9.4CVSS5.5AI score0.00514EPSS
Exploits0References40
NVD
NVD
added 2026/05/27 4:16 a.m.17 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:46 a.m.7 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/27 2:46 a.m.12 views

EUVD-2026-32045

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, does not apply ACLs on certain API endpoints related to platform mail notfications...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:3 p.m.11 views

CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder