30 matches found
CVE-2026-27775 Gitea pre-receive hook permission cache allows full repository write access
Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...
CVE-2026-53114 perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler
In the Linux kernel, the following vulnerability has been resolved: perf/amd/ibs: Avoid calling perfallowkernel from the IBS NMI handler Calling perfallowkernel from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event-hw.flags,...
CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...
Devolutions Server < 2025.3.15 Multiple Vulnerabilities (DEVO-2026-0004)
The version of Devolutions Server installed on the remote host is prior to 2025.3.15. It is, therefore, affected by multiple vulnerabilities: - A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. CVE-2026-1768 -...
CVE-2026-1768
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...
CVE-2026-1768
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...
CVE-2026-1768
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...
CVE-2026-1768
CVE-2026-1768 describes a permission cache poisoning vulnerability in Devolutions Server that allows authenticated users to bypass permissions and access entries. Affected are Devolutions Server versions prior to 2025.3.15. The issue is confirmed across multiple sources and is addressed by upgrad...
CVE-2026-1768
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...
CVE-2026-1768
A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...
PT-2026-21786
Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.3.15 Description An authenticated user can bypass permissions and access entries due to a permission cache poisoning issue in Devolutions Server. Recommendations Update Devolutions Server to version...
CVE-2019-12617
In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...
EUVD-2014-8663
Malware in sbrugna...
EUVD-2019-0733
Malware in sbrugna...
EUVD-2022-1908
Malicious code in bioql PyPI...
CVE-2020-2286
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...
Grafana fine-grained access control API Key privilege escalation
Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...
Default configuration
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...
CVE-2020-2286
Summary: CVE-2020-2286 affects Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier. The vulnerability stems from not properly invalidating the permission cache when configuration changes, causing permissions to be granted based on an outdated policy. Affected component: Role...
CVE-2020-2286
Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...