14 matches found
GHSA-J6CV-3W8P-VRG8 KubeVirt's authorization mechanism improperly truncates subresource names
A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources,...
Vert.x Web static handler component cache can be manipulated to deny access to static files
The Vert.x Web static handler component cache can be manipulated to deny access to static files served by the handler using a specially crafted request URI. The issue comes from an improper implementation of rule C of section 5.2.4 of RFC 3986 and is fixed in the Vert.x Core component used b...
EUVD-2025-4636
Malicious code in bioql PyPI...
Authorization Bypass
github.com/authzed/spicedb is vulnerable to Authorization Bypass. The vulnerability is due to incorrect handling of multiple caveats on the same indirect subject type. It allows an attacker to deny legitimate access, resulting in incorrect "no permission" responses when permissions should be...
Exploit for Code Injection in Weblizar School_Management
cve-2022-1609...
pcs: improper authentication via PAM
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in...
Exploit for Code Injection in Xmlhttprequest_Project Xmlhttprequest
CVE-2020-28502 node-XMLHttpRequest RCE NVD Description Th...
Exploit for CVE-2021-28480
ExchangeRCE-CVE-2021-28480 THIS IS NOT A REAL EXPLOIT IT IS A...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
c...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apple Ipados
kr00k PoC of CVE-2019-15126 kr00k vulnerability Installati...
CVE-2019-19620
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
iOS 13 Bug Lets 3rd-Party Keyboards Gain 'Full Access' — Even When You Deny
Following the release of iOS 13 and iPadOS earlier this week, Apple has issued an advisory warning iPhone and iPad users of an unpatched security bug impacting third-party keyboard apps. On iOS, third-party keyboard extensions can run entirely standalone without access to external services and...
File access control rules not applied to image previews (NC-SA-2018-002)
A missing check for read permissions allowed users that received an incoming share containing files tagged so they should be denied access to still request a preview for those files...
Mandriva Update for samba MDKA-2007:001 (samba)
Check for the Version of samba OpenVAS Vulnerability Test Mandriva Update for samba MDKA-2007:001 samba Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...