Lucene search
+L

1041 matches found

cvelist
cvelist
added yesterday35 views

CVE-2026-15779 Samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS
Exploits0References5
euvd
euvd
added yesterday4 views

EUVD-2026-44662

A flaw was found in samba's pamwinbind. When mkhomedir is enabled, pamwinbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory a common default for system accounts can...

6.1CVSS6.1AI score
Exploits0References5
osv
osv
added 2026/06/30 11:7 a.m.3 views

SUSE-SU-2026:22454-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies bsc1268764...

7.5CVSS6.2AI score0.00754EPSS
Exploits1References5
thn
thn
added 2026/06/26 11:30 a.m.16 views

Guardian Agents: The Next Layer of Identity Governance

AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...

6.2AI score
Exploits0
osv
osv
added 2026/06/25 10:34 p.m.4 views

GO-2026-5527 Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) in github.com/argoproj/argo-workflows

Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS gatekeeper.go in github.com/argoproj/argo-workflows...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References4
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pNFS: Fixed a deadlock that occurred when returning a delegation during the open function. Ben Coddington reported seeing a hang in the following stack trace: 0 ffffd0b50e1774e0 schedule at ffffffff9ca05415 1 ffffd0b50e177548...

5.8AI score0.00168EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.14 views

PT-2026-51920

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the nfsd4 add rdaccess to wrdeleg function where the nfs4 file get access function may be incorrectly called to increment the nfs4 file access count if fp-fi fdsO RDON...

7.5CVSS5.7AI score0.00432EPSS
Exploits0References5
cve
cve
added 2026/06/23 4:8 p.m.32 views

CVE-2026-56115

CVE-2026-56115 is associated with a one-byte stack out-of-bounds write in dhcpcd up to 10.3.2, due to a malformed DHCPv6 OPTION_PD_EXCLUDE in dhcp6_makemessage() that an unauthenticated same-link attacker can trigger via DHCPv6 ADVERTISE with IA_PD /0. An attacker can corrupt adjacent stack memor...

8.8CVSS5.9AI score0.00307EPSS
Exploits1References2Affected Software1
ubuntu
ubuntu
added 2026/06/16 1:45 p.m.11 views

USN-8433-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.8AI score0.00446EPSS
Exploits6
cvelist
cvelist
added 2026/06/12 7:59 p.m.35 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS0.00262EPSS
Exploits0References1
euvd
euvd
added 2026/06/12 7:59 p.m.10 views

EUVD-2026-36554

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.2AI score0.00262EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 7:59 p.m.9 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.1AI score0.00262EPSS
Exploits0References1
osv
osv
added 2026/06/12 7:59 p.m.5 views

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References4
cve
cve
added 2026/06/04 5:50 p.m.22 views

CVE-2026-41235

CVE-2026-41235 affects Froxlor 2.3.6 where system.available_shells is used to present allowed shells but not enforced by server-side Ftps::add/ Ftps::update. An authenticated customer with shell delegation can submit an arbitrary shell (e.g., /bin/bash); with nssextrausers integration this shell ...

9.4CVSS5.9AI score0.00227EPSS
Exploits0References2
snyk
snyk
added 2026/05/29 3:36 p.m.9 views

Incorrect Authorization

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Incorrect Authorization via the Ftps::add and Ftps::update functions. An attacker can gain unauthorized shell access and escalate privileges by submitting an arbitrary shell value...

9.4CVSS5.9AI score0.00227EPSS
Exploits0References2
nessus
nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...

8.8CVSS5.5AI score0.00328EPSS
Exploits1References2
osv
osv
added 2026/05/28 10:46 p.m.10 views

GHSA-QP9X-WP8F-QGJJ tuf has platform-dependent delegation path matching

DelegatedRole.istargetinpathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts os.pat...

4CVSS5.8AI score
Exploits0References3
osv
osv
added 2026/05/28 9:32 p.m.4 views

GHSA-Q623-F4J4-P4XJ OpenStack Keystone has an Incorrect Authorization issue

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References8
osv
osv
added 2026/05/28 7:16 p.m.4 views

PYSEC-2026-601

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References6
osv
osv
added 2026/05/28 3:44 p.m.7 views

SUSE-SU-2026:21913-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
Rows per page
Query Builder