Lucene search
K

434 matches found

Cvelist
Cvelist
added 2026/03/09 10:26 p.m.41 views

CVE-2026-30862 Critical Stored XSS & Privilege Escalation in Appsmith

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.96, a Critical Stored XSS vulnerability exists in the Table Widget TableWidgetV2. The root cause is a lack of HTML sanitization in the React component rendering pipeline, allowing malicious attributes to be...

9CVSS0.00308EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/28 9:16 p.m.6 views

CVE-2026-22039

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/27 6:1 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via apiCall. An attacker can gain unauthorized access to sensitive resources and escalate privileges via malicious urlPath values that cause the system to perform Kubernetes API requests outside the...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References2
OSV
OSV
added 2026/01/27 6:1 p.m.4 views

GHSA-8P9X-46GM-QFX2 Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Summary A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...

9.9CVSS6AI score0.00516EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/01/27 6:1 p.m.17 views

Kyverno Cross-Namespace Privilege Escalation via Policy apiCall

Summary A critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no enforcement that the request is limited to the policy’s namespace. As a result, any authenticated user with...

9.9CVSS6AI score0.00516EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/27 5:16 p.m.7 views

CVE-2026-22039

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9CVSS0.00516EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:7 p.m.3 views

CVE-2026-22039

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy apiCall. The resolved urlPath is executed using the Kyverno admission controller ServiceAccount, with no...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/01/27 4:7 p.m.31 views

CVE-2026-22039

Kyverno contains a cross-namespace privilege escalation in the Policy apiCall path for versions prior to 1.16.3 and 1.15.3. The vulnerability lets an authenticated user with permission to create a namespaced Policy cause Kyverno’s admission controller to perform Kubernetes API requests using Kyve...

9.9CVSS5.9AI score0.00516EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:35 a.m.8 views

CVE-2017-18433

cPanel before 64.0.21 allows code execution by webmail and demo accounts via a storefilter API call SEC-236...

9CVSS7.5AI score0.01861EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 12:0 a.m.25 views

CVE-2025-67793

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...

0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/11 12:0 a.m.5 views

GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/12/01 12:0 a.m.3 views

Demystifying Feature Engineering in Malware Analysis of API Call Sequences

Machine learning ML has been widely used to analyze API call sequences in malware analysis, which typically requires the expertise of domain specialists to extract relevant features from raw data. The extracted features play a critical role in malware analysis. Traditional feature extraction is...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/19 12:10 a.m.4 views

CVE-2025-31649

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...

8.7CVSS7.1AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/18 10:49 p.m.5 views

CVE-2025-32089

A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this...

8.8CVSS7.9AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2025/11/17 11:15 p.m.5 views

CVE-2025-36553

A buffer overflow vulnerability exists in the CvManager functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability...

8.8CVSS0.0022EPSS
Exploits0References3
NVD
NVD
added 2025/11/17 11:15 p.m.5 views

CVE-2025-31649

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...

8.7CVSS0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/17 10:55 p.m.2 views

CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...

8.7CVSS6.5AI score0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/17 10:55 p.m.7 views

CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...

8.7CVSS0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/17 10:54 p.m.5 views

EUVD-2025-197899

A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIOUSHADDRECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue a...

8.7CVSS6.5AI score0.00218EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/17 10:34 p.m.6 views

CVE-2025-32089 Dell ControlVault3 CvManager_SBI buffer overflow vulnerability

A buffer overflow vulnerability exists in the CvManagerSBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this...

8.8CVSS0.00247EPSS
Exploits0References2
Rows per page
Query Builder