Lucene search
K

3089 matches found

Nuclei
Nuclei
added 8 hours ago22 views

OpenMetaData - SpEL Injection in PUT /api/v1/policies

OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. CompiledRule::validateExpression is also called from PolicyRepository.prepare. prepare is called from...

9.4CVSS7.2AI score0.12527EPSS
Exploits0References5
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-43544

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-62185

The CVE-2026-62185 affects the Argo CD Helm Chart prior to 10.0.0, which fails to install network policies by default. As a result, any pod on the cluster can access the repo-server and other Argo APIs, enabling unrestricted network access. This can lead to cluster compromise and remote code exec...

8.6CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday20 views

CVE-2026-62186 OpenClaw < 2026.6.8 Authorization Bypass via HTTP Model Override

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...

7.6CVSS
Exploits0References2
NVD
NVD
added 2 days ago10 views

CVE-2026-15507

A vulnerability was detected in coollabsio Coolify up to 4.1.1. The impacted element is an unknown function of the file /app/Policies/ of the component Policy Handler. Performing a manipulation results in missing authorization. Remote exploitation of the attack is possible. The exploit is now...

6.5CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 2 days ago12 views

CVE-2026-15507

CVE-2026-15507 affects coollabsio Coolify up to version 4.1.1. The vulnerability is in the Policy Handler component, specifically an unknown function under /app/Policies/. Manipulation can cause missing authorization and enables remote exploitation; the exploit is public. No additional remediatio...

6.5CVSS6.4AI score0.00333EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2 days ago6 views

PT-2026-57574

Name of the Vulnerable Software and Affected Versions coollabsio Coolify versions prior to 4.1.2 Description A flaw in the Policy Handler component, specifically within a function in the /app/Policies/ file, allows for missing authorization. This issue enables remote exploitation through...

6.5CVSS6.7AI score0.00333EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 5 days ago4 views

fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator URL containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization...

7.5CVSS7.2AI score0.00521EPSS
Exploits0References6
CVE
CVE
added 5 days ago11 views

CVE-2026-4298

The CVE-2026-4298 entry concerns the WordPress plugin DSGVO All in one for WP up to version 4.9. The underlying root cause is Missing Authorization due to the function dsgvo_reset_policy_service_func() lacking capability checks and nonce verification when processing user-supplied parameters to re...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42562

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-4298 DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS0.00204EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-4298

The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvoresetpolicyservicefunc function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References7
NVD
NVD
added 6 days ago9 views

CVE-2026-56217

Capgo before 12.128.2 contains a policy bypass vulnerability in appversions update enforcement that allows app-scoped API keys to downgrade encrypted bundles to non-encrypted state. Attackers with app-scoped all API keys can directly update the appversions table via PostgREST to clear sessionkey...

5.3CVSS0.00215EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42209

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-6280 Improper Access Control in Nomysoft Informatics' Nomysem

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS0.00223EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-6280

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this...

6.5CVSS5.9AI score0.00223EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS0.00341EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-53935

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/07/02 5:11 p.m.14 views

EUVD-2026-36324

OpenClaw: MCP loopback could skip owner-only tool policy for non-owner callers...

6.9CVSS5.8AI score0.00096EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS6AI score0.00463EPSS
Exploits1References5
Rows per page
Query Builder