
49 matches found

RedHat Linux
added 6 days ago, 6 views

keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

CVSS 7.3, AI score 5.8, EPSS 0.00292
Exploits 0, References 4
Cvelist
added 2026/05/09 7:44 p.m., 55 views

CVE-2026-42605 AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload

AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the `currentDirectory` request parameter in the Flow.js media upload endpoint `POST /api/station/stationid/files/upload` is not sanitized for path traversal sequences. When combined with a local filesystem...

CVSS 8.8, EPSS 0.00832
Exploits 1, References 3
Github Security Blog
added 2026/04/22 8:07 p.m., 11 views

@nocobase/plugin-collection-sql: SQL Validation Bypass Through Missing `checkSQL` Call

Summary: The `checkSQL` validation function that blocks dangerous SQL keywords (e.g., `pg_read_file`, `LOAD_FILE`, `dblink`) is applied on the `collections:create` and `sqlCollection:execute` endpoints but is entirely missing on the `sqlCollection:update` endpoint. An attacker with collection management permissions...

CVSS 7.2, AI score 6.1, EPSS 0.01833
Exploits 1, References 6, Affected Software 1
ATTACKERKB
added 2026/04/07 8:37 p.m., 1 view

CVE-2026-32712

Open Source Point of Sale is a web-based point-of-sale application written in PHP using the CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sales management table. The customername column is configured with `escape: false` in the bootstrap-tabl...

CVSS 5.4, AI score 6, EPSS 0.00169
Exploits 1, References 2, Affected Software 1
Vulnrichment
added 2026/02/21 4:30 a.m., 3 views

CVE-2026-27196 Statamic affected by privilege escalation via stored Cross-site Scripting

Statamic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below, in addition to 6.0.0-alpha.1 through 6.3.1, have a Stored XSS vulnerability in html fieldtypes which allows authenticated users with field management permissions to inject malicious JavaScript that...

CVSS 8.1, AI score 5.4, EPSS 0.0028
Exploits 0, References 3
OSV
added 2026/02/19 8:30 p.m., 3 views

GHSA-8R7R-F4GM-WCPQ Statamic affected by privilege escalation via stored cross-site scripting

Impact: A Stored XSS vulnerability in html fieldtypes allows authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches: This has been fixed in 6.3.2 and 5.73.9...

CVSS 8.1, AI score 5.5, EPSS 0.0028
Exploits 0, References 5
Snyk
added 2026/02/19 8:30 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `configFieldItems` function. An attacker can execute arbitrary JavaScript in the context of higher-privileged users by injecting malicious scripts as an authenticated user with field management permissions...

CVSS 8.1, AI score 5.6, EPSS 0.0028
Exploits 0, References 2
CNNVD
added 2026/02/03 12:00 a.m., 8 views

Quick Heal Total Security security vulnerability

Quick Heal Total Security is an antivirus software product developed by the Indian company Quick Heal. Version 23.0.0 of Quick Heal Total Security contains a security vulnerability. This vulnerability stems from insufficient validation of restore paths and improper handling of permissions in the isolation...

CVSS 7.8, AI score 5.8, EPSS 0.00428
Exploits 0, References 2
Snyk
added 2026/01/15 5:51 p.m., 1 view

Insufficient Granularity of Access Control

Overview: Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the properties API endpoint. An attacker can access and retrieve the complete list of configurable metadata definitions by sending requests as an authenticated backend user without explicit...

CVSS 5.3, AI score 6.7, EPSS 0.00331
Exploits 1, References 2
RedhatCVE
added 2026/01/07 9:16 a.m., 7 views

CVE-2025-68437

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `saveAsset` mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the file input, specifically its `url` parameter,...

CVSS 5.9, AI score 7.1, EPSS 0.00427
Exploits 1, References 1
EUVD
added 2026/01/05 9:52 p.m., 6 views

EUVD-2026-0845

Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `saveAsset` mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the file input, specifically its `url` parameter,...

CVSS 5.9, AI score 6.7, EPSS 0.00427
Exploits 1, References 4
CNNVD
added 2025/11/28 12:00 a.m., 4 views

Huawei HarmonyOS security vulnerability

Huawei HarmonyOS is an operating system from Huawei (China). It is a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the HarmonyOS file management module, which an attacker can exploit to compromise service...

CVSS 7.5, AI score 6.6, EPSS 0.00137
Exploits 0, References 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-27069

Malware in sbrugna...

CVSS 5.4, AI score 5.3, EPSS 0.00533
Exploits 0, References 3
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2021-2173

Malware in sbrugna...

CVSS 7.2, AI score 6.2, EPSS 0.01153
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2016-4846

Malware in sbrugna...

CVSS 9.3, AI score 7.9, EPSS 0.00476
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 21 views

EUVD-2022-49120

Malicious code in bioql PyPI...

CVSS 8, AI score 7.6, EPSS 0.01096
Exploits 0, References 1
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2022-29038

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.5, EPSS 0.00656
Exploits 2, References 2
RedhatCVE
added 2025/09/27 9:42 a.m., 5 views

CVE-2025-7691

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...

CVSS 8.8, AI score 7.2, EPSS 0.00347
Exploits 0, References 1
Cvelist
added 2025/09/26 9:05 a.m., 6 views

CVE-2025-7691 Privilege Defined With Unsafe Actions in GitLab

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with specific group management permissions to escalate their privileges and obtain unauthorized access...

CVSS 6.5, EPSS 0.00347
Exploits 0, References 2
Positive Technologies
added 2025/09/25 12:00 a.m., 2 views

PT-2025-39627

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 18.2.6; GitLab EE versions 18.3 through 18.3.2; GitLab EE versions 18.4 through 18.4.0. Description: A privilege escalation issue exists in GitLab EE. A developer possessing specific group management permissions may...

CVSS 9, AI score 7.2, EPSS 0.00347
Exploits 0, References 10