Lucene search
K

8 matches found

NVD
NVD
added yesterday3 views

CVE-2026-58251

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS
Exploits0References7
OSV
OSV
added 2026/06/16 7:11 p.m.5 views

GHSA-8XPQ-CJCF-3WH9 Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)

Summary Deno's permission system enforces filesystem and execution restrictions by comparing the requested path against the path supplied to --deny-read, --deny-write, --deny-run, or --deny-ffi. On macOS, that comparison was done at the raw-byte level while the APFS filesystem treats different...

5.2CVSS5.8AI score0.00144EPSS
Exploits1References2
NVD
NVD
added 2026/05/08 4:16 p.m.22 views

CVE-2026-41070

openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on SSO auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth-oauth2 is deployed in the experimental plugin mode shared library loaded by OpenVPN via the plugin...

10CVSS0.00438EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/30 1:58 p.m.9 views

tomcat: security constraint bypass with HTTP/0.9

A flaw was found in Tomcat. An improper input validation vulnerability allows an attacker to bypass security constraints. Specifically, if a security constraint is configured to permit HEAD requests to a URI but deny GET requests, a malformed or specification invalid HEAD request using the HTTP/0...

6.5CVSS7.2AI score0.00494EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/07 7:12 p.m.2 views

CVE-2026-39364 Vite has a `server.fs.deny` bypass with queries

Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny e.g., .env, .crt can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are...

8.2CVSS5.9AI score0.02095EPSS
Exploits1References1
OSV
OSV
added 2023/01/30 8:39 p.m.6 views

CLSA-2023-1675111190 Fix CVE(s): CVE-2022-28321

SECURITY UPDATE: access denial bypass in pamaccess.so - debian/patches-applied/CVE-2022-28321.patch: properly use getnameinfo and getaddrinfo to handle hostnames in access.conf, add freeaddrinfo to avoid memory leaks on return from networknetmaskmatch as well - CVE-2022-28321...

9.8CVSS7.3AI score0.01218EPSS
Exploits0References1
Symantec
Symantec
added 2016/04/07 8:0 a.m.37 views

Symantec ITMS Inventory Solution Application Denial Functionality Bypass

SUMMARY The Inventory Solution component of Symantecs IT Management Agent, the client portion of Symantec IT Management Suite ITMS powered by Altiris, can be configured to deny one or more applications from running on a windows managed client as part of IT management functions. A determined user...

2.1CVSS2.2AI score0.0033EPSS
Exploits0Affected Software1
OSV
OSV
added 2007/07/24 12:30 a.m.1 views

DEBIAN-CVE-2007-3949

modaccess.c in lighttpd 1.4.15 ignores trailing / slash characters in the URL, which allows remote attackers to bypass url.access-deny settings...

8.3CVSS7AI score0.03299EPSS
Exploits0References1
Rows per page
Query Builder