
18 matches found

Cvelist
added 2026/04/28 1:42 p.m. | 32 views

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 4.2 | EPSS 0.00171
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/28 1:42 p.m. | 3 views

CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVSS 4.2 | AI score 5.2 | EPSS 0.00171
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2023-25636

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 6.6 | EPSS 0.0012
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/05 5:27 a.m. | 7 views

CVE-2023-21468

Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission...

CVSS 7.8 | AI score 6.7 | EPSS 0.0012
Exploits: 0 | References: 1

NVD
added 2025/09/03 6:15 a.m. | 6 views

CVE-2023-21468

Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission...

CVSS 7.8 | EPSS 0.0012
Exploits: 0 | References: 1

OSV
added 2025/09/03 6:15 a.m. | 5 views

CVE-2023-21468

Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/03 5:17 a.m. | 6 views

CVE-2023-21468

Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission...

CVSS 5.9 | AI score 6.2 | EPSS 0.0012
Exploits: 0 | References: 1

Cvelist
added 2025/09/03 5:17 a.m. | 7 views

CVE-2023-21468

Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission...

CVSS 5.9 | EPSS 0.0012
Exploits: 0 | References: 1

CVE
added 2025/09/03 5:17 a.m. | 16 views

CVE-2023-21468

CVE-2023-21468 involves an improper access-control issue in Samsung Telephony prior to SMR Apr-2023 Release 1. The vulnerability permits access to files with escalated permissions due to insufficient access restrictions in the Telephony component. Affected product scope is Samsung Mobile devices;...

CVSS 7.8 | AI score 6.2 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/09/03 12:0 a.m. | 7 views

PT-2025-35661

Name of the Vulnerable Software and Affected Versions: Telephony versions prior to SMR Apr-2023 Release 1 Description: An improper access control issue exists in Telephony. This allows attackers to access files with escalated permission. Recommendations: Update Telephony to SMR Apr-2023 Release 1...

CVSS 5.9 | AI score 6.3 | EPSS 0.0012
Exploits: 0 | References: 4

Cvelist
added 2024/09/16 11:58 p.m. | 46 views

CVE-2024-7387 Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy

A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build containe...

CVSS 9.1 | EPSS 0.02321
Exploits: 3 | References: 10

RedhatCVE
added 2020/05/07 7:39 p.m. | 28 views

CVE-2020-12690

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

CVSS 6.5 | AI score 3.4 | EPSS 0.01896
Exploits: 0 | References: 4

RedhatCVE
added 2020/05/07 7:39 p.m. | 32 views

CVE-2020-12689

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

CVSS 6.5 | AI score 2.5 | EPSS 0.01562
Exploits: 0 | References: 4

OSV
added 2020/05/07 12:15 a.m. | 3 views

UBUNTU-CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

CVSS 8.8 | AI score 7.3 | EPSS 0.01562
Exploits: 0 | References: 4

Prion
added 2019/07/16 2:15 p.m. | 24 views

Command injection

Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

CVSS 6.5 | AI score 8.9 | EPSS 0.01846
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/16 1:44 p.m. | 23 views

CVE-2019-1576

Command injection in PAN-OS 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user’s permissions...

AI score 9 | EPSS 0.01846
Exploits: 0 | References: 1

Hacker One
added 2019/06/19 4:50 a.m. | 93 views

Nextcloud: User with read-only access to a share can gain write access to sub-folders in the share

user0 creates folders /test and /test/sub
user0 creates file /test/sub/file.txt
user0 shares folder /test with user1 with read+share permissions 17
user1 receives the folder /test and can read-download /test/sub/file.txt - good
user1 creates a link share of /test/sub - it has permissions 1...

CVSS 4 | AI score 6.8 | EPSS 0.01056
Exploits: 0

Veracode
added 2019/01/15 9:14 a.m. | 28 views

Command Injection

ansible is vulnerable to command injection. It is possible due to a lack of validation of the returned facts, allowing a remote host running ansible or via escalated permissions to alter connection or interpreter settings by injecting malicious commands through it...

CVSS 9.1 | AI score 9.2 | EPSS 0.03253
Exploits: 0 | References: 16 | Affected Software: 2