
19 matches found

Cvelist
added 2026/06/12 8:55 p.m. | 31 views

CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharinggroupid to a sharing group they were not authorized to use. When distribution was set to sharing group distribution, the...

6.1 CVSS | 0.00226 EPSS
Exploits: 0 | References: 1
OSV
added 2026/06/05 5:43 a.m. | 6 views

BIT-KAFKA-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that is documented in the official Kafka documentation and in KIP-848. This...

4.3 CVSS | 5.4 AI score | 0.00288 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/06/02 8:56 a.m. | 40 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that is documented in the official Kafka documentation and in KIP-848. This...

0.00288 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/02 12:00 a.m. | 24 views

PT-2026-45725

Name of the Vulnerable Software and Affected Versions: Apache Kafka (affected versions not specified). Description: An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' (69) API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...

4.3 CVSS | 5.8 AI score | 0.00288 EPSS
Exploits: 0 | References: 7
CNNVD
added 2026/04/08 12:00 a.m. | 7 views

Red Hat Ansible Automation Platform Security Vulnerability

The Red Hat Ansible Automation Platform is a unified solution for strategic automation provided by Red Hat Inc. There is a security vulnerability in the Red Hat Ansible Automation Platform. This vulnerability stems from the /etc/passwd file being set with writeable group permissions during the...

6.4 CVSS | 5.8 AI score | 0.00147 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/24 1:57 a.m. | 4 views

CVE-2026-24420 phpMyFAQ: Attachment download allowed without dlattachment right (broken access control)

phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to an incomprehensive permissions check. The presence of a right key is improperly validated as proof of authorization in...

6.5 CVSS | 5.8 AI score | 0.0042 EPSS
Exploits: 1 | References: 1
CVE
added 2026/01/24 1:57 a.m. | 18 views

CVE-2026-24420

phpMyFAQ vulnerability CVE-2026-24420 affects versions 4.0.16 and older, where an authenticated user lacking the dlattachment right can download attachments due to a flawed permissions check in attachment.php. The access decision incorrectly treats the mere presence of a permission key as authori...

6.5 CVSS | 5.4 AI score | 0.0042 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-7807

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.01067 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-19297

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.00826 EPSS
Exploits: 0 | References: 2
NVD
added 2023/12/01 7:15 a.m. | 15 views

CVE-2023-4658

An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the Allowed to merge permission as a guest user, when granted t...

3.1 CVSS | 0.00385 EPSS
Exploits: 0 | References: 2
OSV
added 2022/05/28 8:56 a.m. | 7 views

MGASA-2022-0210 Updated golang packages fix security vulnerability

The syscall.Faccessat function checks whether the calling process can access a file. Faccessat contains a bug where it checks a file’s group permission bits if the process’s user is a member of the process’s group rather than a member of the file’s group. CVE-2022-29526...

5.3 CVSS | 8.6 AI score | 0.02593 EPSS
Exploits: 1 | References: 4
Huntr
added 2022/05/08 10:05 a.m. | 27 views

Authentication Bypass Using an Alternate Path or Channel

Steps to reproduce:
1. Log into Administrator account
2. Navigate to User section
3. Create a new User, call it testUser pass is 12345678
4. Navigate to Groups section and create a new group, call it testGroup
5. Give a "manage:group" permission for testGroup and assign testUser...

9 CVSS | 6.9 AI score | 0.01801 EPSS
Exploits: 1
CNNVD
added 2022/05/06 12:00 a.m. | 5 views

Piwigo SQL Injection Vulnerability

Piwigo is a Web-based open source photo gallery software. The software includes features such as image management, image categorization and permission management. Piwigo admin/userperm.php has a SQL injection vulnerability that can be exploited by an attacker to inject it into admin.php via the...

8.8 CVSS | 8.1 AI score | 0.00928 EPSS
Exploits: 1 | References: 2
OSV
added 2020/08/08 9:15 p.m. | 3 views

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges...

8.8 CVSS | 7.3 AI score
Exploits: 0 | References: 2
NVD
added 2020/08/08 9:15 p.m. | 15 views

CVE-2020-15825

In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges...

8.8 CVSS | 8.8 AI score | 0.01067 EPSS
Exploits: 0 | References: 2
OSV
added 2019/03/13 10:29 p.m. | 3 views

CVE-2019-6601

In BIG-IP 13.0.0, 12.1.0-12.1.3.7, 11.6.1-11.6.3.2, or 11.5.1-11.5.8, the Application Acceleration Manager (AAM) wamd process used in processing of images and PDFs fails to drop group permissions when executing helper scripts...

5.5 CVSS | 6.1 AI score | 0.00322 EPSS
Exploits: 0 | References: 2
OSV
added 2015/02/26 11:22 a.m. | 8 views

USN-2516-1 linux vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...

7.8 CVSS | 7 AI score | 0.05489 EPSS
Exploits: 4 | References: 13
Tenable Nessus
added 2005/08/29 12:00 a.m. | 37 views

Network Time Protocol Daemon (ntpd) < 4.2.1 -u Group Permission Weakness Privilege Escalation

According to its version number, the NTP (Network Time Protocol) server running on the remote host is affected by a flaw that causes it to run with the permissions of a privileged user if a group name rather than a group ID is specified on the command line. A local attacker, who has managed to...

4.6 CVSS | 5.5 AI score | 0.00445 EPSS
Exploits: 0 | References: 2
Atlassian
added 2002/05/22 12:31 p.m. | 218 views

Problem when signing up for new user Account from login page

I signed up for a new user account from the login page, filled in a username, password, name and e-mail. Then I tried to login with the new username and got this exception: java.lang.NullPointerException at com.opensymphony.module.user.User.getGroups(User.java:94) at...

0.4 AI score
Exploits: 0