Lucene search
K

30 matches found

OSV
OSV
added 2026/07/03 8:19 p.m.5 views

CVE-2026-27775 Gitea pre-receive hook permission cache allows full repository write access

Gitea 1.25.5 caches a branch-specific write-permission result across multiple refs in one pre-receive hook session, allowing a per-branch maintainer-edit grant to be reused for other refs and escalate to full repository write access...

8.8CVSS7.1AI score0.00523EPSS
Exploits0References6
OSV
OSV
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53114 perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler

In the Linux kernel, the following vulnerability has been resolved: perf/amd/ibs: Avoid calling perfallowkernel from the IBS NMI handler Calling perfallowkernel from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event-hw.flags,...

5.8AI score0.00154EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/10 6:59 a.m.38 views

CVE-2026-10721 Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7...

8.4CVSS0.0014EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/27 12:0 a.m.8 views

Devolutions Server < 2025.3.15 Multiple Vulnerabilities (DEVO-2026-0004)

The version of Devolutions Server installed on the remote host is prior to 2025.3.15. It is, therefore, affected by multiple vulnerabilities: - A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries. CVE-2026-1768 -...

6.5CVSS6AI score0.00301EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/25 10:19 p.m.9 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS5.4AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/02/24 8:27 p.m.3 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/02/24 8:27 p.m.6 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added 2026/02/24 7:1 p.m.16 views

CVE-2026-1768

CVE-2026-1768 describes a permission cache poisoning vulnerability in Devolutions Server that allows authenticated users to bypass permissions and access entries. Affected are Devolutions Server versions prior to 2025.3.15. The issue is confirmed across multiple sources and is addressed by upgrad...

4.3CVSS5.4AI score0.00224EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/24 7:1 p.m.1 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

4.3CVSS5.9AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/24 7:1 p.m.3 views

CVE-2026-1768

A permission cache poisoning vulnerability in Devolutions Server allows authenticated users to bypass permissions to access entries.This issue affects Devolutions Server: before 2025.3.15...

5.9AI score0.00224EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.11 views

PT-2026-21786

Name of the Vulnerable Software and Affected Versions Devolutions Server versions prior to 2025.3.15 Description An authenticated user can bypass permissions and access entries due to a permission cache poisoning issue in Devolutions Server. Recommendations Update Devolutions Server to version...

5.2AI score0.00224EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.14 views

CVE-2019-12617

In SilverStripe through 4.3.3, there is access escalation for CMS users with limited access through permission cache pollution...

4CVSS7.1AI score0.00855EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-8663

Malware in sbrugna...

2.1CVSS6.2AI score0.00334EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2019-0733

Malware in sbrugna...

4CVSS3.6AI score0.00855EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-1908

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.01273EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 4:3 p.m.18 views

CVE-2020-2286

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

8.8CVSS6.7AI score0.01273EPSS
Exploits0
Grafana
Grafana
added 2022/04/12 12:0 a.m.9 views

Grafana fine-grained access control API Key privilege escalation

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructe...

8.8CVSS7.3AI score0.02322EPSS
Exploits0
Prion
Prion
added 2020/10/08 1:15 p.m.23 views

Default configuration

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

6.8CVSS8.6AI score0.01273EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/10/08 12:40 p.m.82 views

CVE-2020-2286

Summary: CVE-2020-2286 affects Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier. The vulnerability stems from not properly invalidating the permission cache when configuration changes, causing permissions to be granted based on an outdated policy. Affected component: Role...

8.8CVSS8.6AI score0.01273EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/10/08 12:40 p.m.31 views

CVE-2020-2286

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration...

8.8CVSS2.1AI score0.01273EPSS
Exploits0References2
Rows per page
Query Builder