Lucene search
K

412 matches found

NVD
NVD
added 2026/06/26 5:16 p.m.10 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.0017EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/26 4:23 p.m.9 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.0017EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/05/31 3:26 a.m.98 views

rm-oneview-poc

RM OneView — Proof of Concept A working POC of the Relationsh...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/26 1:30 p.m.4 views

GHSA-VR35-JM2F-8WG2 Apache Syncope Vulnerable to Exposure of Sensitive Information Through Data Queries

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9CVSS5.7AI score0.00436EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/25 5:0 p.m.9 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the GroovyInterceptor initialization of classes via GroovySandbox. An administrator user with the Implementations entitlement can execute arbitrary code by creating a malicious Groovy class...

8.6CVSS6.3AI score0.00652EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 3:0 p.m.4 views

CVE-2026-42797 Apache Syncope: JexlContextBuilder Information Disclosure

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

4.9CVSS5.9AI score0.00436EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.11 views

CVE-2026-28873

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 9:31 p.m.11 views

EUVD-2026-29223

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

5.8AI score0.00308EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 9:18 p.m.12 views

CVE-2026-28873

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

7.5CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 8:8 p.m.17 views

CVE-2026-28873

The CVE-2026-28873 issue stems from insufficient entitlement checks that could allow an app to bypass App Privacy Report logging. Affected products include Apple iOS and iPadOS, with fixes in iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, and iPadOS 26.4. The underlying root cause is entitlement verificati...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/11 8:8 p.m.7 views

CVE-2026-28873

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

5.8AI score0.00308EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 8:8 p.m.37 views

CVE-2026-28873

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging...

0.00308EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39766

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.4 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.4 Description An application may be able to circumvent App Privacy Report logging. This issue is addressed by implementing...

7.5CVSS5.8AI score0.00308EPSS
Exploits0References4
Qualys Blog
Qualys Blog
added 2026/05/06 4:0 p.m.9 views

Before the Breach, There Was a Test Environment

Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.6 views

CVE-2026-35431

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

10CVSS5.2AI score0.00511EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 12:31 a.m.8 views

EUVD-2026-25312

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

10CVSS5.8AI score0.00511EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 10:16 p.m.9 views

CVE-2026-35431

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

10CVSS0.00511EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:37 p.m.5 views

CVE-2026-35431

Server-side request forgery ssrf in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network...

10CVSS5.8AI score0.00511EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 9:37 p.m.33 views

CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability

...

10CVSS0.00511EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 9:37 p.m.82 views

CVE-2026-35431

CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...

10CVSS5.8AI score0.00511EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder