Lucene search
K

3086 matches found

EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43544

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS6.2AI score
Exploits0References3
Nuclei
Nuclei
added yesterday22 views

OpenMetaData - SpEL Injection in PUT /api/v1/policies

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS7.2AI score0.12527EPSS
Exploits0References5
NVD
NVD
added 2 days ago10 views

CVE-2026-15507

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 2 days ago12 views

CVE-2026-15507

CVE-2026-15507 affects coollabsio Coolify up to version 4.1.1. The vulnerability is in the Policy Handler component, specifically an unknown function under /app/Policies/. Manipulation can cause missing authorization and enables remote exploitation; the exploit is public. No additional remediatio...

6.5CVSS6.4AI score0.00333EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...

7.5CVSS7.2AI score0.00521EPSS
Exploits0References6
CVE
CVE
added 5 days ago11 views

CVE-2026-4298

The CVE-2026-4298 entry concerns the WordPress plugin DSGVO All in one for WP up to version 4.9. The underlying root cause is Missing Authorization due to the function dsgvo_reset_policy_service_func() lacking capability checks and nonce verification when processing user-supplied parameters to re...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42562

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-4298 DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References7
NVD
NVD
added 6 days ago9 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42209

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS0.00341EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/07/02 5:11 p.m.14 views

EUVD-2026-36324

OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers...

6.9CVSS5.8AI score0.00096EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS6AI score0.00463EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40450

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS5.9AI score0.00164EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-56350

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

7.7CVSS0.00258EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.31 views

CVE-2026-56377 ImageMagick - Policy Bypass via Incorrect Path Validation

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS0.00164EPSS
Exploits0References2
Rows per page
Query Builder