Lucene search
K

32 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.9 views

CVE-2026-35223

An improper access check allows unauthorized access to comconfig webservice endpoints...

9.8CVSS5.5AI score0.00348EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 10:4 p.m.11 views

Malicious Package

Overview @timelycare/config-service is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/05/05 12:30 a.m.24 views

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 10:16 p.m.32 views

CVE-2026-7791

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 10:7 p.m.17 views

CVE-2026-7791

CVE-2026-7791 concerns the Skylight Workspace Config Service in Amazon WorkSpaces for Windows prior to version 2.6.2034.0 . A flaw in log rotation privilege management lets a local non-admin authenticated user place arbitrary files in arbitrary locations, bypassing file system permissions and ena...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 10:7 p.m.7 views

CVE-2026-7791

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 10:7 p.m.5 views

CVE-2026-7791

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 10:7 p.m.53 views

CVE-2026-7791

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS0.00122EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4215

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS6AI score0.00201EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 6:21 p.m.7 views

Malicious code in eslint-config-service-users (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4e2d9cbfd1dc174c6898b4375b8d4417da80c535833d43c5a4ae977252e9269 The package eslint-config-service-users was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4215

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS0.00201EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/16 4:32 a.m.28 views

CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/16 4:32 a.m.1 views

CVE-2026-4215 FlowCI flow-core-x SMTP Host ConfigServiceImpl.java save server-side request forgery

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS6.1AI score0.00201EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25611

A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java of the component SMTP Host Handler. The manipulation results in server-side request forgery. The...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/14 6:30 p.m.5 views

EUVD-2025-34326

Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally...

5.5CVSS8.8AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2025/10/14 5:15 p.m.3 views

CVE-2025-55695

Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally...

3.3CVSS5.8AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/10/14 5:15 p.m.3 views

CVE-2025-55695

Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally...

5.5CVSS0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-3800

Malicious code in bioql PyPI...

5.5CVSS5.2AI score0.01836EPSS
Exploits0References8
Prion
Prion
added 2023/03/31 4:15 p.m.19 views

Command injection

The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...

6CVSS9.3AI score0.01142EPSS
Exploits0References1Affected Software1
Citrix
Citrix
added 2022/06/03 12:0 a.m.7 views

Unable to load settings with Global App Config Service on Citrix Workspace app Chrome OS/HTML5

If the administrator has rolled out any settings via Global App Config Service and a user launches the Citrix Workspace app, it may happen that the settings rolled out previously by the administrator may not be applied. If the administrator now tries to roll out any new settings via Global App...

7AI score
Exploits0
Rows per page
Query Builder