CVE-2026-42083
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF NpcfSMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI. In NewServer, the smPolicyGroup route group is created and routes are...
CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
Impact: Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...
GHSA-7FF4-JW48-3436 OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
Impact: Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...
EUVD-2021-12255
Malware in sbrugna...
EUVD-2021-18138
Malware in sbrugna...
EUVD-2005-2556
Malware in sbrugna...
EUVD-2023-43719
Malicious code in bioql PyPI...
Privilege Escalation
github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability is due to a privileged operator with write permissions to the root namespace’s identity endpoint being able to escalate their own or another user’s token privileges, which allows an attacker to gain Vault’s root...
CVE-2024-10925 Authorization Bypass Through User-Controlled Key in GitLab
A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML...
CVE-2024-6356 Incorrect User Management in GitLab
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which allowed cross project access for Security policy bot...
Amazon Linux 2022 : containerd, containerd-stress (ALAS2022-2022-032)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-032 advisory. A bug was found in containerd where containers launched through containerd's CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and...
CVE-2023-20230
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different securi...
PT-2023-24122 · Hashicorp +1 · Hashicorp Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad Enterprise versions 1.2.11 through 1.5.6 HashiCorp Nomad Enterprise version 1.4.10 Description: A vulnerability exists where the API caller's ACL token secret ID is exposed to Sentinel policies. Additionally, ACL policies usin...
Hashicorp HashiCorp Vault Security Vulnerability
HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, U.S. A security vulnerability exists in HashiCorp Vault and Vault Enterprise, which stems from allowing a user with write access to an entity alias ID to share with another user load visitors to gain acces...
CVE-2021-23890
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and the...
CVE-2020-7276
Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows administrator users to access policy settings via running this tool...
openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
A flaw was found in Keystone federation. By doing GET /v3/OS-FEDERATION/projects an authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is...