Lucene search

220036 matches found

Positive Technologies
added 2026/06/19 12:0 a.m., 15 views

PT-2026-50883

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 1.2.0 through 3.16.0
Description: A Use of Less Trusted Source issue exists where an attacker can leverage the wolf-rbac plugin under default configuration. This allows for the potential pollution of logs with spoofed...

5.8 CVSS, 5.9 AI score, 0.00314 EPSS
Exploits 0, References 6

Positive Technologies
added 2026/06/19 12:0 a.m., 13 views

PT-2026-50882

Name of the Vulnerable Software and Affected Versions: FlexNet Manager Suite 2025 R1, FlexNet Manager Suite 2025 R2
Description: Insufficient access control in the software could allow unauthorized access to attachment files.
Recommendations: At the moment, there is no information about a newer versi...

7.1 CVSS, 5.8 AI score, 0.00207 EPSS
Exploits 0, References 4

Tenable Nessus
added 2026/06/19 12:0 a.m., 7 views

Lexmark Printers Improper Access Control (CVE-2019-10058)

Various Lexmark products have Incorrect Access Control. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

9.1 CVSS, 7.3 AI score, 0.01082 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/06/19 12:0 a.m., 11 views

PT-2026-50984

Name of the Vulnerable Software and Affected Versions: libaom (affected versions not specified)
Description: Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to provide crafted video frame pixels that overlap with internal encoder layer...

7.1 CVSS, 6 AI score, 0.00399 EPSS
Exploits 0, References 9

Positive Technologies
added 2026/06/19 12:0 a.m., 33 views

PT-2026-50850

Name of the Vulnerable Software and Affected Versions: Dell Server Hardware Manager versions prior to 3.2.2
Description: Improper Access Control allows a low privileged attacker with local access to potentially achieve Elevation of privileges, which is the act of gaining higher-level permissions th...

7.8 CVSS, 5.9 AI score, 0.001 EPSS
Exploits 0, References 8

Positive Technologies
added 2026/06/19 12:0 a.m., 12 views

PT-2026-50983

Name of the Vulnerable Software and Affected Versions: libaom (affected versions not specified)
Description: A heap-buffer-overflow read occurs in the reference AV1 codec implementation due to a missing bounds check in the SVC (Scalable Video Coding) layer ID control function. This allows the spatial...

7.6 CVSS, 5.7 AI score, 0.00399 EPSS
Exploits 0, References 24

Positive Technologies
added 2026/06/19 12:0 a.m., 14 views

PT-2026-51109

Summary: OpenBao users with access to the sys/leases/revoke/:lease id endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations.
Impact: OpenBao's namespaces provide...

2.1 CVSS, 5.8 AI score
Exploits 0, References 7

Tenable Nessus
added 2026/06/19 12:0 a.m., 5 views

Lexmark Printers Missing Authentication for Critical Function (CVE-2019-9934)

Various Lexmark products have Incorrect Access Control (issue 1 of 2). This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

5.3 CVSS, 6.1 AI score, 0.00825 EPSS
Exploits 0, References 3

NVD
added 2026/06/18 10:16 p.m., 20 views

CVE-2026-47647

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...

9.9 CVSS, 0.00426 EPSS
Exploits 0, References 1

CVE
added 2026/06/18 9:18 p.m., 21 views

CVE-2026-8100

CVE-2026-8100 affects Chef 360. The issue arises from improper handling of URL-encoded paths during request processing, allowing an authenticated request to bypass standard access controls and access higher-privilege API endpoints under certain conditions. Impact is deployment/configuration depen...

9.4 CVSS, 5.2 AI score, 0.00401 EPSS
Exploits 0, References 1

GitHub Security Blog
added 2026/06/18 5:22 p.m., 16 views

Armeria: External Control of File Name or Path in xDS SDS DataSource

External Control of File Name or Path in xDS SDS DataSource
Summary: DataSourceStream in the :xds module resolves control-plane-supplied filename and environmentvariable fields from SDS Secret resources without any allow-list or base-directory confinement. A semi-trusted or compromised xDS control...

5.9 CVSS, 5.5 AI score, 0.00198 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/06/18 4:13 p.m., 26 views

CVE-2026-54106 U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic Docketing System (EDS) do not validate X-Forwarded-For HTTP headers, allowing a remote attacker with compromised administrator credentials to bypass network...

5.1 CVSS, 0.00289 EPSS
Exploits 0, References 4

Patchstack
added 2026/06/18 2:33 p.m., 5 views

WordPress Stylish Cost Calculator plugin <= 8.3.9 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by ParkHyunWoo in WordPress Plugin Stylish Cost Calculator (versions <= 8.3.9)...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits 0, Affected Software 1

The Hacker News
added 2026/06/18 2:30 p.m., 12 views

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in th...

6.4 AI score
Exploits 0

Patchstack
added 2026/06/18 2:20 p.m., 5 views

WordPress Syncee Premium Dropshipping & Wholesale plugin <= 1.0.27 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dodoh4t in WordPress Plugin Syncee Premium Dropshipping & Wholesale (versions <= 1.0.27)...

7.5 CVSS, 5.8 AI score, 0.00278 EPSS
Exploits 0, Affected Software 1

NVD
added 2026/06/18 2:17 p.m., 12 views

CVE-2026-54222

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries...

8.6 CVSS, 0.00305 EPSS
Exploits 0, References 2

OSV
added 2026/06/18 2:17 p.m., 3 views

ALPINE-CVE-2026-42490

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5 CVSS, 5.8 AI score, 0.002 EPSS
Exploits 0, References 1

NVD
added 2026/06/18 2:17 p.m., 9 views

CVE-2026-12539

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7 CVSS, 0.00097 EPSS
Exploits 0, References 2

Microsoft CVE
added 2026/06/18 2:0 p.m., 8 views

Dynamics 365 Elevation of Privilege Vulnerability

Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network...

9.9 CVSS, 5.8 AI score, 0.00426 EPSS
Exploits 0

Cvelist
added 2026/06/18 1:51 p.m., 16 views

CVE-2026-12539 Docker Sandboxes ICMP egress restriction bypass after daemon restart

Docker Sandboxes sbx blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt from disk when the Docker daemon restarts, so a restart-surviving sandbox forwards ICMP to arbitrary hosts. A workload inside a sandbox, which the threat...

5.7 CVSS, 0.00097 EPSS
Exploits 0, References 2