Lucene search
K

207 matches found

Veracode
Veracode
added 2025/03/28 2:37 a.m.10 views

Unauthorized Object Creation And Deletion

kcp is vulnerable to unauthorized object creation and deletion. The vulnerability is due to improper enforcement of access controls in the APIExport VirtualWorkspace, allowing object creation and deletion in arbitrary workspaces without proper authorization checks...

9.6CVSS7.1AI score0.00348EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/25 7:38 p.m.29 views

GO-2025-3538 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace in github.com/kcp-dev/kcp...

9.6CVSS9.3AI score0.00348EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/03/20 6:49 p.m.25 views

kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

Impact The APIExport Virtual Workspace can be used to manage objects in workspaces that bind that APIExport for resources defined in the APIExport or specified and accepted via permission claims. This allows an API provider via their APIExport scoped down access to workspaces of API consumers to...

9.6CVSS6.7AI score0.00348EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/03/20 5:49 p.m.11 views

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS5.3AI score0.00348EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/03/20 5:49 p.m.22 views

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS9.3AI score0.00348EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/03/20 5:49 p.m.29 views

CVE-2025-29922 kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace

kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.26.3, the identified vulnerability allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources. By...

9.6CVSS0.00348EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.4 views

PT-2025-12365

Name of the Vulnerable Software and Affected Versions kcp versions prior to 0.26.3 Description The issue allows creating or deleting an object via the APIExport VirtualWorkspace in any arbitrary target workspace for pre-existing resources, even if there is no APIBinding in that workspace or the...

9.8CVSS7AI score0.99098EPSS
Exploits23References56
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2020-10663

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability...

7.5CVSS7AI score0.06811EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/11/17 12:0 a.m.3 views

Samba 权限许可和访问控制问题漏洞

Samba is a Samba open source suite of standard Windows interoperability programs for Linux and Unix. Samba suffers from a Permission Permission and Access Control Issue vulnerability that stems from the lack of access control lists during object creation, which can lead to unexpected elevation of...

7.5CVSS6.8AI score0.00484EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/08/07 6:30 p.m.25 views

Pulp incorrectly assigns RBAC permissions in tasks that create objects

A flaw was found in the Pulp package. When a role-based access control RBAC object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin typically the addrolesforobjectcreator method. This method finds the object creator by checking the current authenticated user...

8.3CVSS6.4AI score0.0061EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2024/08/07 12:0 a.m.6 views

Pulp 安全漏洞

Pulp is an open source project from Pulp Open Source that enables developers to easily fetch, upload and distribute software packages locally or in the cloud. A security vulnerability exists in Pulp that stems from a problem with the way role-based access control objects are assigned permissions ...

8.3CVSS6.6AI score0.0061EPSS
Exploits0References6
Veracode
Veracode
added 2024/05/24 7:22 a.m.15 views

Improper Authorization

silverstripe/cms is vulnerable to Improper Authorization. The vulnerability is due to insufficient permission checks during SiteTree object creation, allowing unauthorized users to create new SiteTree objects...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.3 views

CVE-2023-39478

Softing Secure Integration Server Exposure of Resource to Wrong Sphere Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this...

8.8CVSS5.6AI score0.01252EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2024/04/15 6:15 p.m.15 views

CVE-2023-45808

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

5.4CVSS4.4AI score0.00336EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/04/15 5:28 p.m.16 views

CVE-2023-45808 iTop missing silo check on extkey in console and portal

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

4.1CVSS6.9AI score0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/04/15 5:28 p.m.21 views

CVE-2023-45808 iTop missing silo check on extkey in console and portal

iTop is an IT service management platform. When creating or updating an object, extkey values aren't checked to be in the current user silo. In other words, by forging an http request, the user can create objects pointing to out of silo objects for example a UserRequest in an out of scope...

4.1CVSS4.8AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2024/04/15 5:28 p.m.56 views

CVE-2023-45808

CVE-2023-45808 – iTop silo check bypass Affected software: Combodo iTop (IT service management platform). Issue: When creating or updating objects, extkey values aren’t checked against the current user silo, allowing forged HTTP requests to reference out-of-silo objects (e.g., a UserRequest in an...

5.4CVSS6.8AI score0.00336EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.6 views

iTop 安全漏洞

iTop is a platform that provides all the resources needed to optimize iTop. A security vulnerability exists in iTop versions 2.7.10, 3.0.4, 3.1.1, and 3.2.0 that stems from permissions that do not check the extkey value when creating or updating an object...

5.4CVSS7.8AI score0.00336EPSS
Exploits0References4
Veracode
Veracode
added 2024/04/12 12:27 p.m.17 views

Prototype Pollution

mysql2 is vulnerable to Prototype Pollution. The vulnerability is due to insecure object creation and improper user input sanitization which is passed through the parserFn method in both textparser.js and binaryparser.js...

6.5CVSS7AI score0.00962EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2024/04/10 3:30 p.m.22 views

mysql2 vulnerable to Prototype Poisoning

Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...

6.5CVSS7AI score0.00962EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder