Lucene search

6 matches found

OSV
added 2026/05/21 8:44 p.m., 6 views

GHSA-4XRH-5M3M-328W @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM policies

Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some admin-equivalent policy paths could pass policy evaluation. Patched in 1.3.2: the validator inspects the affected policy shapes and includes...

CVSS 8.7, AI score 5.8
Exploits 0, References 2
Snyk
added 2026/05/07 3:34 a.m., 9 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the RSL policy validation. An attacker can revert the system to a previous trusted state by creating a new Reference State Log entry that references an older policy, provided it i...

CVSS 6, AI score 5.8, EPSS 0.00198
Exploits 0, References 2
Tenable Nessus
added 2025/08/11 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2025-38223

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hit...

CVSS 5.5, AI score 5.8, EPSS 0.00088
Exploits 0, References 3
Amazon
added 2023/08/25 12:0 a.m., 5 views

Medium: jsoup

Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

CVSS 6.1, AI score 6.8, EPSS 0.01208
Exploits 1
Vulnrichment
added 2022/08/29 12:0 a.m., 4 views

CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

CVSS 6.1, AI score 6.2, EPSS 0.01208
Exploits 1, References 4
Japan Vulnerability Notes
added 2022/06/15 8:47 a.m., 4 views

Growi vulnerable to weak password requirements

Overview: GROWI provided by WESEEK, Inc. contains a weak password requirements vulnerability (CWE-521, CVE-2022-1236). 418sec first reported this vulnerability to JPCERT/CC, then JPCERT/CC contacted WESEEK, Inc. as a coordinator. After the coordination between 418sec and WESEEK, Inc. was completed,...

CVSS 6.5, AI score 6.7, EPSS 0.00535
Exploits 0, References 6