Lucene search
K

1015 matches found

Fedora
Fedora
added 2 days ago7 views

[SECURITY] Fedora 44 Update: acl-2.4.0-1.fc44

This package contains the getfacl and setfacl utilities needed for manipulating access control lists...

8.4CVSS6.1AI score0.00142EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-11340

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS0.00195EPSS
Exploits0References1
CVE
CVE
added 6 days ago19 views

CVE-2026-11340

CVE-2026-11340 describes a Missing Authorization vulnerability in HAVELSAN’s Liman MYS prior to release.Master.1107, where functionality is accessible without proper ACL constraints. Core issue: access to certain features is not properly constrained by ACLs, enabling unauthorized access. Accordin...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-11340

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42033

Missing Authorization vulnerability in HAVELSAN Inc. Liman MYS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liman MYS: before release.Master.1107...

8.3CVSS5.9AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-14474

A flaw was found in SSSD's LDAP sudo provider. When the ldapsudosearchbase option is not explicitly configured, SSSD searches the entire LDAP directory tree for sudoRole objects. An authenticated attacker with write access to any subtree can inject a sudoRole object granting root-level sudo...

8.8CVSS5.9AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 4:32 p.m.7 views

EUVD-2026-41087

Incorrect Authorization CWE-863 in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs CAPEC-1. Under certain conditions, a low-privileged authenticated user can access response action data that they are not authorized to vie...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 2:16 p.m.5 views

UBUNTU-CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/29 12:37 p.m.8 views

EUVD-2026-40085

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 12:37 p.m.11 views

CVE-2026-54369 acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 1:3 p.m.7 views

CVE-2026-48772

A flaw was found in ProxySQL, a proxy for MySQL and its forks, as well as PostgreSQL. A remote attacker can exploit this vulnerability by sending a specially crafted PROXY protocol version 1 PP1 header with an 'UNKNOWN' protocol token. Despite the specification requiring these address fields to b...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:28 p.m.4 views

CVE-2026-48772

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS5.8AI score0.00185EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49226

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a before 4.7.16...

6.5CVSS5.2AI score0.00196EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 7:16 p.m.17 views

CVE-2026-53726

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6, a relation query using the $relatedTo operator could read the membership of a Relation field even when that field was hidden from the requesting clie...

6.9CVSS0.00276EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:10 p.m.12 views

EUVD-2026-36437

Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WEOLL: from 2.0.9 before 3.2.45.33...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48884

Name of the Vulnerable Software and Affected Versions WEOLL versions 2.0.9 through 3.2.45.32 Description An unrestricted file upload flaw allows the upload of dangerous file types. This issue enables attackers to access functionality that is not properly constrained by Access Control Lists ACLs,...

8.7CVSS5.2AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 10:16 a.m.14 views

CVE-2022-42479

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS0.00177EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/11 9:47 a.m.10 views

EUVD-2022-56003

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.21 views

PT-2026-48633

Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5...

5.4CVSS5.4AI score0.00177EPSS
Exploits0References2
Rows per page
Query Builder