
46 matches found

NVD
added 5 days ago, 8 views

CVE-2026-57995

phpMyFAQ before 4.1.5 contains a privilege escalation vulnerability in GroupController::updatePermissions that allows GROUPEDIT administrators to grant arbitrary rights to groups without verifying they hold those rights themselves. A delegated administrator can exploit this by assigning high-valu...

CVSS 8.8, EPSS 0.00325
Exploits: 0, References: 2
Github Security Blog
added 2026/06/17 6:08 p.m., 21 views

Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration

Summary The API endpoint POST /api/v1/repos/owner/repo/forks only checks IsOrgMember when a user forks a repository into an organization, but does not check CanCreateOrgRepo. The web UI fork handler correctly checks both. This allows a read-only organization member — in a team with...

CVSS 8.1, AI score 6, EPSS 0.00304
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/05/04 12:00 a.m., 8 views

Apache HTTP Server security vulnerability

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.66 and earlier contain security vulnerabilities, which stem fro...

CVSS 8.8, AI score 5.8, EPSS 0.00654
Exploits: 1, References: 2
Tenable Nessus
added 2026/04/13 12:00 a.m., 13 views

Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1565)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1565 advisory. tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As par...

CVSS 8.1, AI score 6, EPSS 0.00397
Exploits: 2, References: 6
Tenable Nessus
added 2026/04/03 12:00 a.m., 4 views

Ubuntu 25.10 : cargo-c vulnerability (USN-8139-1)

The remote Ubuntu 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8139-1 advisory. It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processin...

CVSS 6.5, AI score 6.1, EPSS 0.00379
Exploits: 1, References: 2
Github Security Blog
added 2026/03/20 5:25 p.m., 10 views

tar-rs `unpack_in` can chmod arbitrary directories by following symlinks

Summary When unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes...

CVSS 6.5, AI score 5.9, EPSS 0.00379
Exploits: 1, References: 5, Affected Software: 1
AlpineLinux
added 2026/03/20 7:11 a.m., 3 views

CVE-2026-33056

tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpackdir function uses fs::metadata to check whether a path that already exists is a directory. Because fs::metadata follows symbolic links, a crafted tarball...

CVSS 6.5, AI score 5.9, EPSS 0.00379
Exploits: 1
Positive Technologies
added 2026/03/03 12:00 a.m., 12 views

PT-2026-22797

IBM Storage Scale 5.2.3.0 through 5.2.3.5, and IBM Storage Scale 6.0.0.0 through 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors...

CVSS 6.6, AI score 5.9, EPSS 0.00132
Exploits: 0, References: 2
NVD
added 2026/01/21 10:15 p.m., 7 views

CVE-2026-23526

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, including giving themselves superuser status and joining the admin group, which gives them full access to...

CVSS 8.8, EPSS 0.00255
Exploits: 0, References: 2
RedhatCVE
added 2026/01/09 10:43 a.m., 16 views

CVE-2022-26344

Incorrect default permissions in the installation binaries for Intel(R) SEAPI, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8, AI score 7.1, EPSS 0.0018
Exploits: 0, References: 1
SUSE CVE
added 2026/01/06 12:28 a.m., 7 views

SUSE CVE-2025-11393

A flaw was found in runtimes-inventory-rhel8-operator. An internal proxy component is incorrectly configured. Because of this flaw, the proxy attaches the cluster's main administrative credentials to any command it receives, instead of only the specific reports it is supposed to handle. This allo...

CVSS 8.7, AI score 6.8, EPSS 0.00215
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 11 views

EUVD-2021-2719

Malware in sbrugna...

CVSS 7.8, AI score 7.6, EPSS 0.00228
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2006-1201

Malware in sbrugna...

CVSS 7.2, AI score 6.4, EPSS 0.00384
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-5300

Malware in sbrugna...

CVSS 9, AI score 8.8, EPSS 0.02007
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-14517

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.6, EPSS 0.00173
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:07 p.m., 12 views

EUVD-2025-16170

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.00302
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:07 p.m., 6 views

EUVD-2021-3542

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.7, EPSS 0.0011
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-31268

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.6, EPSS 0.00131
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-0165

Malicious code in bioql PyPI...

CVSS 5.4, AI score 6.4, EPSS 0.00322
Exploits: 1, References: 6
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-36791

Malicious code in bioql PyPI...

CVSS 7.8, AI score 7.6, EPSS 0.00131
Exploits: 0, References: 1