CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

Tenable Nessus•added 2026/02/27 12:0 a.m.•5 views

Devolutions Server < 2025.3.15 Multiple Vulnerabilities (DEVO-2026-0004)

The version of Devolutions Server installed on the remote host is prior to 2025.3.15. It is, therefore, affected by multiple vulnerabilities: - A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. CVE-2026-1768 -...

6.5CVSS6AI score0.00048EPSS

Exploits0References3

RedhatCVE•added 2026/02/25 10:19 p.m.•3 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS5.4AI score0.00032EPSS

Exploits0References1

OSV•added 2026/02/24 8:27 p.m.•0 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS5.8AI score

Exploits0References1

NVD•added 2026/02/24 8:27 p.m.•1 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS0.00032EPSS

Exploits0References1

ATTACKERKB•added 2026/02/24 7:1 p.m.•0 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS5.9AI score0.00032EPSS

Exploits0References2

CVE•added 2026/02/24 7:1 p.m.•4 views

CVE-2026-1768

CVE-2026-1768 describes a permission cache poisoning vulnerability in Devolutions Server where authenticated users can bypass permissions to access entries. Affected: Devolutions Server, prior to 2025.3.15. The description does not specify exploit details, affected components, root cause beyond a...

4.3CVSS5.4AI score0.00032EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/02/24 7:1 p.m.•2 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

5.9AI score0.00032EPSS

Exploits0References1

Positive Technologies•added 2026/02/24 12:0 a.m.•3 views

PT-2026-21786

Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.3.15 Description An authenticated user can bypass permissions and access entries due to a permission cache poisoning issue in Devolutions Server. Recommendations Update Devolutions Server to version...

5.2AI score0.00032EPSS

Exploits0References3

RedhatCVE•added 2026/01/07 9:29 a.m.•8 views

CVE-2019-12617

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

4CVSS7.1AI score0.00304EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2014-8663

Malware in sbrugna...

2.1CVSS6.2AI score0.00051EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0733

Malware in sbrugna...

4CVSS3.6AI score0.00304EPSS

Exploits0References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-1908

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.001EPSS

Exploits0References3

RedhatCVE•added 2025/05/22 4:3 p.m.•4 views

CVE-2020-2286

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

8.8CVSS6.7AI score0.001EPSS

Exploits0

Grafana•added 2022/04/12 12:0 a.m.•4 views

Grafana fine-grained access control API Key privilege escalation

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

8.8CVSS7.3AI score0.00261EPSS

Exploits0

Prion•added 2020/10/08 1:15 p.m.•17 views

Default configuration

6.8CVSS8.6AI score0.001EPSS

Exploits0References2Affected Software1

CVE•added 2020/10/08 12:40 p.m.•71 views

CVE-2020-2286

Summary: CVE-2020-2286 affects Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier. The vulnerability stems from not properly invalidating the permission cache when configuration changes, causing permissions to be granted based on an outdated policy. Affected component: Role...

8.8CVSS8.6AI score0.001EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2020/10/08 12:40 p.m.•27 views

CVE-2020-2286

8.8CVSS2.1AI score0.001EPSS

Exploits0References2

Positive Technologies•added 2020/10/08 12:0 a.m.•3 views

PT-2020-15516 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier Description: The issue arises from the improper invalidation of a permission cache when the configuration is changed, resulting in permissions being granted based on an...

8.8CVSS8.5AI score0.001EPSS

Exploits0References5

OSV•added 2019/11/12 11:1 p.m.•19 views

GHSA-6R58-4XGR-GM6M SilverStripe Priviledge escalation through cache pollution

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

2.7CVSS3.7AI score0.00304EPSS

Exploits0References7

NVD•added 2019/09/26 12:15 p.m.•11 views

CVE-2019-12617

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

4CVSS4AI score0.00304EPSS

Exploits0References4