Lucene search
K

6108 matches found

OSV
OSV
added 6 days ago3 views

BIT-VAULT-2026-5051 Audit Log Plugin Directory Guard Bypass via Legacy path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS6AI score0.00278EPSS
Exploits0References2
NOZOMI
NOZOMI
added 6 days ago4 views

DoS through oversized audit log entries in Guardian/CMC before 26.2.0

Summary A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. Impact An unauthenticated attacker can submit requests containing excessively large input that is...

8.7CVSS6AI score0.00274EPSS
Exploits0Affected Software2
OSV
OSV
added last week2 views

CVE-2026-43921 FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's Config::prettyPrintArrayToPHP method. When configuration values are updated, string values are written into config.php without escaping...

8.9CVSS6.2AI score0.00274EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56007

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.0 through 0.7.2 Description A SQL injection issue exists in the Massmailer module filter functionality. An authenticated administrator can provide crafted filter values during the update of a mass email message, which...

6.9CVSS6.1AI score0.00218EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56028

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.10 through 0.7.2 Description An issue exists in the Config::prettyPrintArrayToPHP method where string values are written into the config.php file without escaping single quotes during configuration updates. Since...

8.9CVSS6.1AI score0.00274EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/07/02 1:50 p.m.7 views

GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward

Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...

5.3CVSS5.7AI score0.00455EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/07/02 9:16 a.m.10 views

CVE-2026-8147

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS0.00348EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/07/01 8:33 p.m.12 views

CVE-2026-5051

A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...

4.4CVSS5.6AI score0.00278EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/07/01 8:21 p.m.13 views

CVE-2026-40034 vulnerabilities

Vulnerabilities for packages: jujutsu, cargo-audit...

8.5CVSS6.1AI score0.00351EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.15 views

CVE-2026-40034 vulnerabilities

Vulnerabilities for packages: cargo-audit...

8.5CVSS5.8AI score0.00351EPSS
Exploits0
NVD
NVD
added 2026/07/01 6:16 p.m.10 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:10 p.m.75 views

CVE-2026-5051

CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:10 p.m.48 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/07/01 5:10 p.m.8 views

EUVD-2026-41098

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/01 5:8 p.m.47 views

Vault Audit Device Plugin Directory Guard Bypass via Legacy Path Option

Summary HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Background Vault...

4.4CVSS6.1AI score0.00278EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 4:16 p.m.6 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6

Logging for Red Hat OpenShift - 6.4.6 Red Hat OpenShift Logging 6.4.6 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

9.6CVSS6.7AI score0.01557EPSS
Exploits2References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54782

Name of the Vulnerable Software and Affected Versions HashiCorp Vault versions prior to 2.0.1 HashiCorp Vault Enterprise versions prior to 2.0.1 Description Audit device validation logic fails to consistently apply plugin directory protections when the legacy file audit path option is utilized...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/30 2:57 a.m.10 views

CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-12616

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 1:23 p.m.8 views

EUVD-2026-40094

The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation gate. Because the configured log format "%asctimes - %names - %levelnames - %messages" renders...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References1
Rows per page
Query Builder