CVE-2026-6290

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

Rapid7 Velociraptor < 0.75.8 / 0.76.x < 0.76.3 Incorrect Authorization (CVE-2026-6290)

The version of Rapid7 Velociraptor installed on the remote host is prior to 0.75.8 or 0.76.x prior to 0.76.3. It is, therefore, affected by an incorrect authorization vulnerability: - Velociraptor contains a vulnerability in the query plugin which allows access to all orgs with the user's current...

CVE-2026-6290

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

CVE-2026-6290 Velociraptor Query() Plugin Misapplies Permissions To Orgs

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

FreeBSD : Vaultwarden -- Multiple vulnerabilities (57f31f61-36a1-11f1-9839-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 57f31f61-36a1-11f1-9839-8447094a420f advisory. The Vaultwarden project reports: GHSA-937x-3j8m-7w7p Unconfirmed Owner Can Purge Entire Organization...

CVE-2023-47543

An authorization bypass through user-controlled key vulnerability CWE-639 in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests...