Lucene search
+L

3997 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/26 5:3 p.m.11 views

CVE-2026-44730

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.7, an organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization. This is due to incorrect ACL o...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

WordPress plugin Woocommerce Envato Affiliates 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.1CVSS5.8AI score0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43350

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 6.9.7 Description An organization administrator can escalate their privileges by adding a user from a different organization who possesses higher privileges into their own organization. This occurs due to an incorrect...

7.2CVSS5.8AI score0.00316EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

Amazon Linux 2023 : perl-Net-CIDR-Lite (ALAS2023-2026-1732)

"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1732 advisory. Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digi...

6.5CVSS5.8AI score0.00311EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/21 8:34 p.m.22 views

NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation

Summary The OAuth token strategy attached oauthscope and oauthgrantedresources to the request user, but the ACL middleware never consulted either. An OAuth token issued with a restricted scope e.g. MCP-only therefore inherited the full permissions of the underlying user across all routes; the...

2CVSS5.8AI score0.00151EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/9p: Fixed the issue of NULL pointer dereferencing when using mkdir. When a 9p tree was mounted with the posixacl option, the parent directory had a default ACL set for its subdirectories. For example: setfacl -m...

5.5CVSS6.3AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. In versions prior to 8.0.3, as well as in 7.4.5, 7.2.10, and 6.2.19, an authenticated user could use a specially crafted string to trigger an out-of-bounds write operation on the hyperloglog data structure, potentially leadin...

7.8CVSS5.7AI score0.03877EPSS
Exploits4References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: A memory leak has been fixed when canceling the rehash operation. The rehash operation is rescheduled with a delay if the number of credits at the end of the operation is not negative—this indicates that t...

5.5CVSS6.2AI score0.00256EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk. By exploiting vulnerabilities in the Lua script execution environment, an attacker with access to Redis prior to versions 7.0.0 or 6.2.7 can inject Lua code that will execute with the potentially higher privileges of another Redis user. T...

7.8CVSS7AI score0.02264EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Fixed the crasher in nfsd4encodefattr4 Ensured that args.acl is initialized early. It is used in a unconditional call to kfree at the end of nfsd4encodefattr4...

5.5CVSS6.1AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. In affected versions, a integer overflow bug in Redis can be exploited to corrupt the heap and potentially lead to remote code execution. The vulnerability involves changing the default proto-max-bulk-len and...

7.5CVSS6.8AI score0.03688EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed the NULL dereference in nfs3svcencodegetaclres In error cases, the dentry may be NULL. Before 20798dfe249a, the encoder also checked dentry and dreallyispositivedentry, but I think that was unnecessary—a zero status...

5.5CVSS5.3AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A possible reference count leak in smb2open has been fixed. The reference count of ACLs will cause a leak when memory allocation fails. This issue has been addressed by adding the missing posixaclrelease function...

5.5CVSS5.5AI score0.00165EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed the directory separator in SMB1 UNIX mounts. When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps. Otherwise, the...

5.5CVSS6AI score0.001EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, triggering a use-after-free and potentially leading to remote code execution. This issue exists...

9.9CVSS7.8AI score0.86767EPSS
Exploits14References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: fails to handle SCO/ISO via hciconnfailed if the ACL is deleted prematurely. Not calling hcidisconnectcfm before deleting a connection referenced by a socket generally results in a “use-after-free” issue...

7.8CVSS6.6AI score0.00147EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: dpaa2-switch: Fixed a memory leak in dpaa2switchaclentryadd and dpaa2switchaclentryremove. The cmdbuff needs to be freed when an error occurs in dpaa2switchaclentryadd and dpaa2switchaclentryremove...

5.5CVSS5.9AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. A authenticated user may use a specially crafted Lua script to manipulate the garbage collector, potentially leading to remote code execution. This issue has been fixed in versions 7.4.2, 7.2.7, and 6.2.17. An additional...

9.8CVSS7.2AI score0.07934EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fixed a possible use-after-free during activity updates. The “rule activity update” process periodically traverses a list of configured rules and queries their activity from the device. As part of this...

7.8CVSS6.2AI score0.00247EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumacltcam: Fixed a possible use-after-free during rehash. The rehash process delays the migration of filters from one region to another based on the number of available credits. If the number of credits is...

8.8CVSS5.9AI score0.00935EPSS
Exploits0References2
Rows per page
Query Builder