Lucene search
+L

67 matches found

Cvelist
Cvelist
added 2026/03/27 6:30 p.m.31 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS0.00318EPSS
Exploits0References1
OSV
OSV
added 2026/03/27 6:30 p.m.9 views

CVE-2026-34386 Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/10 9:31 p.m.6 views

EUVD-2020-30832

All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web page that automatically submits forms to create a new user with global...

8.6CVSS6.3AI score0.00233EPSS
Exploits1References5
Snyk
Snyk
added 2025/10/24 3:6 p.m.4 views

Improper Preservation of Permissions

Overview Affected versions of this package are vulnerable to Improper Preservation of Permissions due to the improper removal of ClusterRoleBinding objects when a custom administrative global role or its binding is deleted. An attacker can retain unauthorized access to clusters by leveraging...

4.8CVSS6.9AI score0.00208EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0097

Malware in sbrugna...

8.8CVSS8.1AI score0.04918EPSS
Exploits0References21
HackRead
HackRead
added 2025/09/23 9:23 p.m.8 views

Microsoft Fixed Entra ID Vulnerability Allowing Global Admin Impersonation

Microsoft patched an Entra ID vulnerability that let attackers impersonate Global Admins across tenants, risking full Microsoft 365 and Azure takeover...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12689

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can...

8.8CVSS7.7AI score0.01562EPSS
Exploits0References2
OSV
OSV
added 2024/12/11 6:42 p.m.5 views

GHSA-C7XH-GJV4-4JGV kcp's impersonation allows access to global administrative groups

Impact Impersonation is a feature of the Kubernetes API, allowing to override user information. As downstream project, kcp inherits this feature. As per the linked documentation a specific level of privilege usually assigned to cluster admins is required for impersonation. The vulnerability in kc...

6.4CVSS7AI score
Exploits0References5
CNNVD
CNNVD
added 2024/02/15 12:0 a.m.7 views

Fortinet FortiClient EMS 安全漏洞

Fortinet FortiClientEMS is part of Fortinet's Endpoint Management solution from Fortinet, a U.S.-based company, and is designed to help organizations effectively manage endpoint devices in their networks and provide monitoring and control of endpoint security. An improper privilege management...

8.8CVSS6.8AI score0.00823EPSS
Exploits0References2
OSV
OSV
added 2022/05/24 5:17 p.m.5 views

GHSA-CHGW-36XV-47CW OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.4AI score0.01562EPSS
Exploits0References10
Kitploit
Kitploit
added 2022/01/30 11:30 a.m.27 views

CRT - CrowdStrike Reporting Tool for Azure

This tool queries the following configurations in the Azure AD/O365 tenant which can shed light on hard-to-find permissions and configuration settings in order to assist organizations in securing these environments. Exchange Online O365: Federation Configuration Federation Trust Client Access...

7.5AI score
Exploits0References1
Hacker One
Hacker One
added 2021/01/04 4:20 a.m.49 views

Palo Alto Software: [Bypass #870709] Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/

Hi team, I found bypass of report 870709. Just by using X-Forwarded-For: 127.0.0.1 you can again get access to global admin page. Bypass request Request GET /pagespeed-global-admin/ HTTP/1.1 Host: webtools.paloalto.com X-Forwarded-For: 127.0.0.1...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2020/05/11 11:33 a.m.213 views

Palo Alto Software: Unauthorised access to pagespeed global admin at https://webtools.paloalto.com/

Summary: I came across this subdomain https://webtools.paloalto.com/ which took my attention, after a bit enumeration I found an endpoint which allows anyone to access PageSpeed Global Admin without any type of authentication. Vulnerable URL: https://webtools.paloalto.com/pagespeed-global-admin/...

1.1AI score
Exploits0
OSV
OSV
added 2020/05/07 12:15 a.m.27 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.5AI score
Exploits0References6
NVD
NVD
added 2020/05/07 12:15 a.m.31 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.5AI score0.01562EPSS
Exploits0References6
OSV
OSV
added 2020/05/07 12:15 a.m.3 views

DEBIAN-CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS7.9AI score0.01562EPSS
Exploits0References1
OSV
OSV
added 2020/05/07 12:15 a.m.25 views

CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8CVSS8.6AI score
Exploits0References7
OSV
OSV
added 2020/05/07 12:15 a.m.3 views

DEBIAN-CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8CVSS8AI score0.04918EPSS
Exploits0References1
Prion
Prion
added 2020/05/07 12:15 a.m.24 views

Code injection

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

6.5CVSS8.3AI score0.01562EPSS
Exploits0References6Affected Software2
PyPA
PyPA
added 2020/05/07 12:15 a.m.8 views

PYSEC-2020-53

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS6.8AI score0.01562EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder