Lucene search
K

286 matches found

CVE
CVE
added 2026/05/12 2:18 p.m.19 views

CVE-2026-7431

Affected product: Ivanti Secure Access Client. Vulnerabilities (pre-22.8R6): 7431 involves an incorrect permission assignment on a critical resource, enabling a local authenticated user to read/modify sensitive log data via write access to a shared memory section. 7432 is a race condition that al...

4.4CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/12 2:18 p.m.6 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

4.4CVSS5.8AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 2:18 p.m.33 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

4.4CVSS0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Ivanti Secure Access Client 安全漏洞

Ivanti Secure Access Client is a security software client developed by the American company Ivanti. Vulnerabilities existed in versions of Ivanti Secure Access Client prior to 22.8R6. These vulnerabilities were due to improper permission allocation for critical resources, which could allow locall...

4.4CVSS5.8AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.16 views

PT-2026-40038

Name of the Vulnerable Software and Affected Versions Ivanti Secure Access Client versions prior to 22.8R6 Description An incorrect permission assignment for a critical resource allows a local authenticated user to read or modify sensitive log data. This is possible through write access to a shar...

7.8CVSS5.8AI score0.00284EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Flowsint 访问控制错误漏洞

Flowsint is an open-source intelligence visualization tool developed by reconurge. Versions of Flowsint prior to 1.2.3 contained a access control vulnerability. This vulnerability stemmed from ineffective access control, which could allow unauthorized users to read log data of other users...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:31 p.m.13 views

EUVD-2021-34796

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/10 3:31 p.m.9 views

Sentry: Superusers can execute arbitrary commands by injecting malicious pickle-serialized objects through audit log entry data parameter

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2026/05/10 1:16 p.m.18 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS0.00927EPSS
Exploits1References3
PyPA
PyPA
added 2026/05/10 1:16 p.m.18 views

PYSEC-2026-131

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/10 1:16 p.m.13 views

PYSEC-2026-131

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References4
CVE
CVE
added 2026/05/10 12:43 p.m.13 views

CVE-2021-47935

CVE-2021-47935 affects Sentry 8.2.0 and describes a remote code execution via pickle deserialization. The root cause is deserialization of malicious pickle-serialized objects injected into the audit log entry data parameter. An authenticated superuser can submit crafted POST requests to the admin...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:43 p.m.12 views

CVE-2021-47935

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.38 views

CVE-2021-47935 Sentry 8.2.0 Remote Code Execution via Pickle Deserialization

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS0.00927EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.14 views

PT-2026-39510

Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by injecting malicious pickle-serialized objects through the audit log entry data parameter. Attackers can submit crafted POST requests to the admin audit log endpoint wi...

8.8CVSS6.7AI score0.00927EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.19 views

PT-2026-37309

Name of the Vulnerable Software and Affected Versions YetAnotherForum.NET YAF.NET versions prior to 4.0.5 YetAnotherForum.NET YAF.NET versions prior to 3.2.12 Description Stored Cross-Site Scripting XSS occurs when attacker-controlled input is persisted and later rendered without proper...

8.1CVSS5.8AI score0.00282EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.22 views

A Systematic Literature Review for Transformer-Based Software Vulnerability Detection

Context: Software vulnerabilities pose significant security threats to software systems, especially as software is increasingly used across many areas of daily life, including health, government, and finance. Recently, transformer-based models have demonstrated promising results in automatic...

5.5AI score
Exploits0
Snyk
Snyk
added 2026/04/08 9:0 p.m.6 views

Improper Encoding or Escaping of Output

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in JsonAccessLogValve, which relies on an unescaped append in generating JSON logs. If non-default values are used for th...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

IBM Tivoli Netcool Impact 日志信息泄露漏洞

IBM Tivoli Netcool Impact is a suite of network management software from International Business Machines IBM. The software has the ability to automate business-critical functions and provide a platform that provides unified access to real-time data, events and indicators. IBM Tivoli Netcool Impac...

8.4CVSS5.8AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2024-55508

Insertion of Sensitive Information into Log File vulnerability in the SCIM Driver module in OpenText IDM Driver and Extensions on Windows, Linux, 64 bit allows authenticated local users to obtain sensitive information via access to log files. This issue affects IDM SCIM Driver: 1.0.0.0000 through...

7.3CVSS5.9AI score0.00109EPSS
Exploits0References3
Rows per page
Query Builder