
28 matches found

Cvelist
added 2026/06/10 6:59 a.m. · 31 views

CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Permission, Cache, and Search components

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

CVSS 8.4 · EPSS 0.0014
Exploits 0 · References 1

Tenable Nessus
added 2026/02/27 12:0 a.m. · 7 views

Devolutions Server < 2025.3.15 Multiple Vulnerabilities (DEVO-2026-0004)

The version of Devolutions Server installed on the remote host is prior to 2025.3.15. It is, therefore, affected by multiple vulnerabilities: - A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. CVE-2026-1768 -...

CVSS 6.5 · AI score 6 · EPSS 0.00301
Exploits 0 · References 3

RedhatCVE
added 2026/02/25 10:19 p.m. · 6 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15...

CVSS 4.3 · AI score 5.4 · EPSS 0.00224
Exploits 0 · References 1

OSV
added 2026/02/24 8:27 p.m. · 2 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15...

CVSS 4.3 · AI score 5.8 · EPSS 0.00224
Exploits 0 · References 1

NVD
added 2026/02/24 8:27 p.m. · 4 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15...

CVSS 4.3 · EPSS 0.00224
Exploits 0 · References 1

ATTACKERKB
added 2026/02/24 7:1 p.m. · 0 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15...

CVSS 4.3 · AI score 5.9 · EPSS 0.00224
Exploits 0 · References 2

CVE
added 2026/02/24 7:1 p.m. · 10 views

CVE-2026-1768

CVE-2026-1768 describes a permission cache poisoning vulnerability in Devolutions Server that allows authenticated users to bypass permissions and access entries. Affected are Devolutions Server versions prior to 2025.3.15. The issue is confirmed across multiple sources and is addressed by upgrad...

CVSS 4.3 · AI score 5.4 · EPSS 0.00224
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2026/02/24 7:1 p.m. · 2 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. This issue affects Devolutions Server: before 2025.3.15...

AI score 5.9 · EPSS 0.00224
Exploits 0 · References 1

Positive Technologies
added 2026/02/24 12:0 a.m. · 6 views

PT-2026-21786

Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.3.15 Description An authenticated user can bypass permissions and access entries due to a permission cache poisoning issue in Devolutions Server. Recommendations Update Devolutions Server to version...

AI score 5.2 · EPSS 0.00224
Exploits 0 · References 3

RedhatCVE
added 2026/01/07 9:29 a.m. · 10 views

CVE-2019-12617

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

CVSS 4 · AI score 7.1 · EPSS 0.00855
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2014-8663

Malware in sbrugna...

CVSS 2.1 · AI score 6.2 · EPSS 0.00334
Exploits 0 · References 5

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2019-0733

Malware in sbrugna...

CVSS 4 · AI score 3.6 · EPSS 0.00855
Exploits 0 · References 8

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2022-1908

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.01258
Exploits 0 · References 3

RedhatCVE
added 2025/05/22 4:3 p.m. · 16 views

CVE-2020-2286

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

CVSS 8.8 · AI score 6.7 · EPSS 0.01258
Exploits 0

Grafana
added 2022/04/12 12:0 a.m. · 7 views

Grafana fine-grained access control API Key privilege escalation

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

CVSS 8.8 · AI score 7.3 · EPSS 0.02245
Exploits 0

Prion
added 2020/10/08 1:15 p.m. · 21 views

Default configuration

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

CVSS 6.8 · AI score 8.6 · EPSS 0.01258
Exploits 0 · References 2 · Affected Software 1

CVE
added 2020/10/08 12:40 p.m. · 80 views

CVE-2020-2286

Summary: CVE-2020-2286 affects Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier. The vulnerability stems from not properly invalidating the permission cache when configuration changes, causing permissions to be granted based on an outdated policy. Affected component: Role...

CVSS 8.8 · AI score 8.6 · EPSS 0.01258
Exploits 0 · References 2 · Affected Software 1

AlpineLinux
added 2020/10/08 12:40 p.m. · 27 views

CVE-2020-2286

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

CVSS 8.8 · AI score 2.1 · EPSS 0.01258
Exploits 0 · References 2

Positive Technologies
added 2020/10/08 12:0 a.m. · 10 views

PT-2020-15516 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier Description: The issue arises from the improper invalidation of a permission cache when the configuration is changed, resulting in permissions being granted based on an...

CVSS 8.8 · AI score 8.5 · EPSS 0.01258
Exploits 0 · References 5

OSV
added 2019/11/12 11:1 p.m. · 21 views

GHSA-6R58-4XGR-GM6M SilverStripe Privilege escalation through cache pollution

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

CVSS 2.7 · AI score 3.7 · EPSS 0.00855
Exploits 0 · References 7