Lucene search
+L

566 matches found

Cvelist
Cvelist
added 2026/02/20 10:29 p.m.22 views

CVE-2026-27125 Svelte SSR attribute spreading includes inherited properties from prototype chain

svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements e.g. enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a...

5.3CVSS0.00377EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.10 views

Intel Graphics Software 安全漏洞

Intel Graphics Software is a graphics configuration management tool developed by Intel, a company in the United States. Versions of Intel Graphics Software prior to 25.30.1702.0 contained security vulnerabilities, which were caused by insecure permission inheritance, potentially leading to...

6.7CVSS5.8AI score0.00109EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.3 views

Astra Linux – Vulnerability in libcap2

The PAM module pamcap.so in the libcap configuration suite allows for group names that start with “@”. However, during actual parsing, configurations that do not start with “@” are incorrectly recognized as group names. This can lead to unintended users being granted a set of inherited...

6.1CVSS6.7AI score0.00156EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002660 advisory. The XFSISREALTIMEINODE macro in fs/xfs/xfslinux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users...

5.5CVSS6.6AI score0.00418EPSS
Exploits0References11
OpenVAS
OpenVAS
added 2026/01/14 12:0 a.m.7 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2026-1097)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.02204EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/01/14 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2026-1035)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.02204EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2026/01/14 12:0 a.m.3 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2026-1056)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.02204EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.5 views

Mattermost Desktop < 6.0.0 (macOS) (MMSA-2025-00504)

The version of Mattermost Desktop installed on the remote host is prior to 6.0.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2025-00504 advisory: - Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged fo...

3.9CVSS5.8AI score0.00097EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/01/06 12:0 a.m.13 views

poppler security update

21.01.0-23 - Bump release for build inheritance - Resolves: RHEL-131792 21.01.0-22 - Check bitmap in combine - Resolves: RHEL-131795, RHEL-131792...

7.1CVSS7AI score0.00234EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.10 views

PT-2026-27736

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s scheduling logic related to SCHED DEADLINE tasks. Specifically, when a SCHED DEADLINE task changes to a lower priority class using sched setscheduler,...

7.8CVSS5.5AI score0.00177EPSS
Exploits0References71
NVD
NVD
added 2025/12/17 7:16 p.m.6 views

CVE-2025-13326

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

3.9CVSS0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/17 6:14 p.m.36 views

CVE-2025-13326 Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store

Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...

3.9CVSS0.00097EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/15 10:30 a.m.32 views

CVE-2025-14714 TCC Bypass via Inherited Permissions in Bundled Interpreter

An Authentication Bypass vulnerability existed where the application bundled an interpreter Python that inherits the Transparency, Consent, and Control TCC permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with...

4.3CVSS0.00122EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/11 12:0 a.m.8 views

EulerOS 2.0 SP13 : proftpd (EulerOS-SA-2025-2507)

According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental...

7.5CVSS7.3AI score0.02204EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/12/11 12:0 a.m.4 views

Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2025-2528)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.02204EPSS
Exploits0References2
OSV
OSV
added 2025/11/14 9:45 p.m.5 views

GHSA-9X5G-62GJ-WQF2 Directus has Improper Permission Handling on Deleted Fields

Summary Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details When a field is removed from a collection, its...

4.6CVSS6.6AI score0.00187EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/11/14 8:59 p.m.16 views

CVE-2025-64746

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

5.4CVSS7.3AI score0.00187EPSS
Exploits1References1
NVD
NVD
added 2025/11/13 9:15 p.m.11 views

CVE-2025-64746

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

5.4CVSS0.00187EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/11/13 8:54 p.m.5 views

CVE-2025-64746 Directus has Improper Permission Handling on Deleted Fields

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

4.6CVSS6.9AI score0.00187EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC and SCALANCE Improper Access Control (CVE-2025-1390)

The PAM module pamcap.so of libcap configuration supports group names starting with @, during actual parsing, configurations not starting with @ are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to securi...

6.1CVSS6.6AI score0.00156EPSS
Exploits0References5
Rows per page
Query Builder