Lucene search
+L

38130 matches found

OSV
OSV
added 1 hour ago2 views

GHSA-MHWW-P97M-3368 AWS-JDBC Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. The team has identified CVE-2026-11400, an issue in Aurora PostgreSQL using the AWS Advanced JDBC Wrapper Impact An issue in AWS Wrappers for Amazon Aurora PostgreSQL will allow for privilege...

8.6CVSS5.3AI score0.00305EPSS
Exploits0References6
NVD
NVD
added 2 hours ago3 views

CVE-2026-16106

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago8 views

CVE-2026-16106 Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago5 views

CVE-2026-16106 Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS5.3AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-16106

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-45224

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS5.3AI score
Exploits0References2
CVE
CVE
added 3 hours ago8 views

CVE-2026-16106

CVE-2026-16106 refers to Keycloak, specifically the admin REST API. The issue arises when a delegated administrator attempts to remove a child role from a composite role, bypassing authorization checks. This can allow a user with limited admin permissions to remove privileged roles they are not a...

4.9CVSS5.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 3 hours ago3 views

CVE-2026-16106

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...

4.9CVSS4.9AI score
Exploits0References3
NVD
NVD
added 3 hours ago4 views

CVE-2026-63100

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the beforeaction ensureadmin filte...

7.1CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 hours ago2 views

CVE-2026-63100

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the beforeaction ensureadmin filte...

7.1CVSS5.3AI score
Exploits0References3
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-45199

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the beforeaction ensureadmin filte...

7.1CVSS5.3AI score
Exploits0References2
Cvelist
Cvelist
added 3 hours ago8 views

CVE-2026-63100 Maybe 0.6.0 Missing Authorization via HostingsController show/update

Maybe through 0.6.0 contains a missing authorization vulnerability that allows authenticated low-privilege member-role users to access and modify global hosting settings by exploiting unprotected show and update actions in the Settings::HostingsController, where the beforeaction ensureadmin filte...

7.1CVSS
Exploits0References2
CVE
CVE
added 3 hours ago8 views

CVE-2026-63100

CVE-2026-63100 describes a missing authorization vulnerability in the Settings::HostingsController (through version 0.6.0). Authenticated low-privilege member-role users can access and modify global hosting settings because the before_action ensure_admin filter is only applied to the clear_cache ...

7.1CVSS5.3AI score
Exploits0References2
NCSC
NCSC
added 5 hours ago2 views

Vulnerabilities in Splunk Enterprise and Splunk Cloud Platform

Splunk has identified vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The first vulnerability relates to insufficient CSRF protection and input validation in the Deployment Server endpoints. This allows attackers to execute arbitrary SPL queries under the Splunk-system-user contex...

8.3CVSS5.7AI score0.00381EPSS
Exploits0References3
The Hacker News
The Hacker News
added 8 hours ago8 views

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 10 hours ago3 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

7.6AI score0.00176EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 10 hours ago3 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

8.8CVSS6.8AI score0.00176EPSS
Exploits5References4
NVD
NVD
added 12 hours ago5 views

CVE-2026-9810

The AI Copilot WordPress plugin before 1.5.4 does not bind OAuth access tokens to a WordPress user, and accepts any valid token as an administrator session, allowing unauthenticated attackers who complete the public OAuth flow to execute privileged MCP tools as an administrator, including arbitra...

9.8CVSS
Exploits0References1
NVD
NVD
added 12 hours ago4 views

CVE-2026-11961

The User Registration & Membership WordPress plugin before 5.2.3 does not validate that the membership tier submitted during public registration is one of the tiers allowed by the registration form before assigning that tier's associated user role, allowing unauthenticated users to register into ...

8.1CVSS
Exploits0References1
The Hacker News
The Hacker News
added 13 hours ago9 views

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by July 19, 2026. T...

9.8CVSS7.5AI score0.01296EPSS
Exploits0
Rows per page
Query Builder