Lucene search
K

16 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42518

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS6AI score0.00132EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-47840 LDAP StartTLS unconditionally disables hostname verification

A network attacker positioned between UAA and its LDAP directory can impersonate the directory using any certificate from any trusted CA, then harvest the LDAP bind password and every end-user password sent during simple-bind authentication, and return forged group memberships that grant themselv...

9.3CVSS0.00132EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-47840

CVE-2026-47840 concerns LDAP StartTLS with UAA: a network attacker between UAA and its LDAP directory can impersonate the directory using any trusted certificate, harvest LDAP bind passwords and end-user passwords during simple-bind, and return forged group memberships that grant admin scopes. Af...

9.3CVSS6AI score0.00132EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/04 9:24 p.m.16 views

Pelican Web UI Affected by a Privilege Escalation Attack

Background On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface WebUI for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

9CVSS5.7AI score0.0032EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/03/30 5:49 p.m.5 views

EUVD-2026-16732

AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php...

5.3CVSS5.9AI score0.00319EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28621

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The categories.json.php endpoint, which serves the category listing API, does not properly enforce user group-based access controls on categories...

5.3CVSS5.8AI score0.00319EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/12/28 12:0 a.m.6 views

PT-2025-3199 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions 7.6.x through 7.6.3 Description: An issue was discovered that allows a user with the security admin local role to create a new user in a group that has the admin role. This is related to incorrect permission storage...

8.5CVSS7AI score0.00326EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.5 views

Siemens RUGGEDCOM CROSSBOW 安全漏洞

An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices, which stems from a failure of the affected application's client-side query handler to check for...

8.8CVSS6.7AI score0.00632EPSS
Exploits0References2
OSV
OSV
added 2022/01/05 4:15 a.m.6 views

CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from...

6.5CVSS5.8AI score0.01148EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/31 12:0 a.m.2 views

CVE-2021-43946

Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from...

6.5CVSS6.7AI score0.01148EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2016/05/15 1:59 a.m.6 views

CVE-2016-0381

IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin AdminGroups setting is empty, allows remote authenticated users to cause a denial of service configuration outage via a non-empty value...

4.3CVSS5.8AI score0.00993EPSS
Exploits0References2
OSV
OSV
added 2016/05/13 4:59 p.m.5 views

DEBIAN-CVE-2016-2860

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID...

6.5CVSS6.9AI score0.01501EPSS
Exploits0References1
OSV
OSV
added 2016/05/13 4:59 p.m.5 views

UBUNTU-CVE-2016-2860

The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID...

6.5CVSS6.9AI score0.01501EPSS
Exploits0References3
CNVD
CNVD
added 2016/04/12 12:0 a.m.4 views

IBM OpenAFS ptserver elevation of privilege vulnerability

IBM OpenAFS is a distributed file system from IBM in the United States that allows sharing of files and resources between systems over LANs and WANs. A security vulnerability exists in IBM OpenAFS versions prior to 1.6.17 in ptserver. An attacker could exploit the vulnerability to create arbitrar...

6.5CVSS7.6AI score0.01501EPSS
Exploits0References1
Prion
Prion
added 2012/09/17 5:55 p.m.18 views

Code injection

SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDITPERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups...

6CVSS7AI score0.016EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2011/04/12 12:0 a.m.35 views

WebsiteBaker 2.8.1 Path Disclosure / SQL Injection

=================================== Vulnerability ID: HTB22929 Reference: http://www.htbridge.ch/advisory/multiplepathdisclosureinwebsitebaker.html Product: WebsiteBaker Vendor: Website Baker Org http://www.websitebaker2.org/ Vulnerable Version: 2.8.1 Vendor Notification: 29 March 2011...

0.1AI score
Exploits0
Rows per page
Query Builder