4 matches found

EUVD
added 2026/05/06 6:30 p.m. | 7 views

EUVD-2026-27844

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission) can issue a single authenticated HTTP GET that can read any files...

6.8 CVSS | 5.7 AI score | 0.00236 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2026/05/06 2:50 p.m. | 8 views

CVE-2026-6863

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, holding only READ_RESULTS permission) can issue a single authenticated HTTP GET that can read any files...

6.8 CVSS | 5.7 AI score | 0.00236 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/05/06 12:0 a.m. | 15 views

PT-2026-37643

Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.76.4. Description: A cross organization authorization bypass exists in the HTTP API. A user assigned the reader role in the root organization, which possesses only READ RESULTS permission, can perform an...

6.8 CVSS | 5.7 AI score | 0.00236 EPSS
Exploits 0 | References 9
OSV
added 2016/08/19 9:59 p.m. | 13 views

CVE-2016-4451

The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that...

5 CVSS | 8.4 AI score
Exploits 0 | References 4