Lucene search
K

10 matches found

NVD
NVD
added 2026/06/12 8:16 p.m.15 views

CVE-2026-54357

An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected access-control checks scoped administrative actions by organization membership...

5.1CVSS0.00254EPSS
Exploits0References1
Amazon
Amazon
added 2026/04/30 12:0 a.m.13 views

Important: rclone

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.9 views

SUSE CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

8.1CVSS6AI score0.01557EPSS
Exploits1References72
CVE
CVE
added 2026/03/20 10:23 p.m.449 views

CVE-2026-33186

Summary: CVE-2026-33186 affects gRPC-Go prior to 1.79.3, where Authorization bypass could occur due to improper input validation of the HTTP/2 :path header. The server accepted non-canonical paths like Service/Method (missing leading slash), causing canonical “deny” rules in path-based authorizat...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References177Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 10:23 p.m.6 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
OSV
OSV
added 2026/03/20 10:23 p.m.10 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS6AI score0.01557EPSS
Exploits1References179
Cvelist
Cvelist
added 2026/02/24 1:20 a.m.26 views

CVE-2026-25965 ImageMagick's policy bypass through path traversal allows reading restricted content despite secured policy

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...

8.6CVSS0.00671EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-27515

Malicious code in bioql PyPI...

4.4CVSS6.5AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36998

Name of the Vulnerable Software and Affected Versions: Himmelblau versions 0.9.0 through 0.9.22 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. The software derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf id...

4.4CVSS6.5AI score0.00132EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2023/06/23 9:13 a.m.3 views

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency NSA on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user...

6.7CVSS6.7AI score0.10561EPSS
Exploits1
Rows per page
Query Builder