
16 matches found

ATTACKERKB
added 6 days ago, 6 views

CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

CVSS 7.2, AI score 5.8, EPSS 0.00329
Exploits: 0, References: 5, Affected Software: 1
EUVD
added 2026/04/16 12:54 a.m., 3 views

EUVD-2026-23126

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVSS 9.1, AI score 5.7, EPSS 0.00357
Exploits: 0, References: 3
Cvelist
added 2026/04/15 9:34 p.m., 18 views

CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVSS 9.1, EPSS 0.00357
Exploits: 0, References: 2
Snyk
added 2026/03/16 4:43 p.m., 3 views

Race Condition

Overview: @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Race Condition through the global currentTicks.current state shared between concurrent sandboxes. An attacker can consume excessive CPU resources and bypass execution quotas by...

CVSS 4.8, AI score 6, EPSS 0.00148
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2016-6341

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.02464
Exploits: 0, References: 4
NVD
added 2024/06/27 10:15 a.m., 22 views

CVE-2024-0949

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

CVSS 9.8, EPSS 0.00528
Exploits: 0, References: 2
Cvelist
added 2024/06/27 9:36 a.m., 25 views

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Missing Authentication, Files or Directories Accessible to External Parties, Use of Hard-coded Credentials vulnerability in Talya Informatics Elektraweb allows Authentication Bypass. This issue affects Elektraweb: before v17.0.68...

CVSS 9.8, EPSS 0.00528
Exploits: 0, References: 2
CVE
added 2024/06/27 9:36 a.m., 63 views

CVE-2024-0949

CVE-2024-0949 affects Talya Informatics’ Elektraweb prior to 17.0.68. The issue is described as Missing Authentication and Use of Hard-coded Credentials that enables Authentication Bypass due to improper access control, potentially exposing files/directories externally and impacting confidentiali...

CVSS 9.8, AI score 5.8, EPSS 0.00528
Exploits: 0, References: 2
Cvelist
added 2021/05/06 12:51 p.m., 19 views

CVE-2021-1515 Cisco SD-WAN vManage Information Disclosure Vulnerability

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. This vulnerability is due to improper access controls on API endpoints when Cisco SD-WAN vManage Software is running in multi-tenant mode. An attacker with...

CVSS 4.3, AI score 4.9, EPSS 0.00367
Exploits: 0, References: 1
Cvelist
added 2021/04/22 7:37 p.m., 22 views

CVE-2021-0235 Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series: In a multi-tenant environment, a tenant host administrator may configure logical firewall isolation affecting other tenant networks

On SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3, vSRX Series devices using tenant services on Juniper Networks Junos OS, due to incorrect permission scheme assigned to tenant system administrators, a tenant system administrator may inadvertently send their network traffic to...

CVSS 7.3, AI score 7.3, EPSS 0.00236
Exploits: 0, References: 1
Veracode
added 2019/01/15 9:12 a.m., 23 views

Information Disclosure

github.com/openshift/origin is vulnerable to information disclosure. The vulnerability is possible because kubernetes watch cache does not return the correct data in a multi tenant environment, revealing the data of a user to another user...

CVSS 6.5, AI score 5.9, EPSS 0.02464
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2017/04/27 9:1 a.m., 177 views

Information Disclosure

github.com/openshift/origin is vulnerable to information disclosure. The vulnerability is possible because kubernetes watch cache does not return the correct data in a multi tenant environment, revealing the data of a user to another user...

CVSS 6.8, AI score 5.9, EPSS 0.02464
Exploits: 0, References: 6, Affected Software: 1
NVD
added 2016/08/05 3:59 p.m., 31 views

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

CVSS 6.8, AI score 6.1, EPSS 0.02464
Exploits: 0, References: 3
Prion
added 2016/08/05 3:59 p.m., 21 views

Information disclosure

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

CVSS 6.8, AI score 6.2, EPSS 0.02464
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2016/08/05 3:0 p.m., 39 views

CVE-2016-5392

The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list...

AI score 6.1, EPSS 0.02464
Exploits: 0, References: 3
CVE
added 2016/08/05 3:0 p.m., 59 views

CVE-2016-5392

The CVE-2016-5392 vulnerability affects Red Hat OpenShift Enterprise 3.2 deployments where the Kubernetes API server’s watch cache allows a remote, authenticated user who knows other project names to disclose sensitive project and user information. The root cause is an input validation error in t...

CVSS 6.8, AI score 5.9, EPSS 0.02464
Exploits: 0, References: 3, Affected Software: 1