7 matches found

OSV
added 2025/10/20 5:39 p.m., 1 view

CVE-2025-62510 FileRise insecure folder visibility via name-based mapping and incomplete ACL checks

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some...

CVSS 8.1 | AI score 6.8 | EPSS 0.00027
Exploits: 0 | References: 5

OSV
added 2025/09/09 10:31 p.m., 1 view

CVE-2025-59044 Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf has id_attr_map = name (the default configuration). Because Microsoft Entra ID allows multiple groups with the same...

CVSS 4.4 | AI score 6.8 | EPSS 0.00024
Exploits: 0 | References: 5

CVE
added 2025/09/09 10:31 p.m., 14 views

CVE-2025-59044

CVE-2025-59044 affects Himmelblau 0.9.x, where group-to-GID mapping derives numeric GIDs from Entra ID group displayName when id_attr_map = name. This can cause distinct groups sharing a displayName to collapse to the same GID on Linux, enabling privilege escalation if access is controlled by num...

CVSS 4.4 | AI score 6.3 | EPSS 0.00024
Exploits: 0 | References: 3

OSV
added 2022/10/26 7:0 a.m., 0 views

UBUNTU-CVE-2022-42916

In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure cleartext HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host nam...

CVSS 7.5 | AI score 6.8 | EPSS 0.00048
Exploits: 0 | References: 4

OSV
added 2021/12/06 2:57 p.m., 0 views

USN-5142-2 samba regressions

USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced regressions in name mapping and backups. Please see the following upstream bugs for more information: https://bugzilla.samba.org/show_bug.cgi?id=14901 https://bugzilla.samba.org/show_bug.cgi?id=14918 This update fixe...

AI score 5.9
Exploits: 0 | References: 3

Ubuntu
added 2021/12/06 2:57 p.m., 118 views

USN-5142-2: Samba regressions

USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced regressions in name mapping and backups. Please see the following upstream bugs for more information: https://bugzilla.samba.org/show_bug.cgi?id=14901 https://bugzilla.samba.org/show_bug.cgi?id=14918 This update fixe...

AI score 7
Exploits: 0 | References: 2

Microsoft KB
added 1970/01/01 12:0 a.m., 2 views

Security update 1970-01-01

...

AI score 5.3
Exploits: 0