Lucene search
K

8 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score
Exploits0References10Affected Software1
CVE
CVE
added yesterday10 views

CVE-2026-44787

Discourse exposes a flaw in signup: before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a new user could set primary_group_id and gain whisper-group privileges when whispers_allowed_groups is configured. This is fixed in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The CVSS 3.1 base score ...

8.2CVSS6AI score
Exploits0References9
NVD
NVD
added 2026/04/27 4:16 p.m.42 views

CVE-2026-6970

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID GID differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...

7.3CVSS0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 3:39 p.m.23 views

USN-8212-1 authd vulnerability

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...

7.3CVSS5.4AI score0.0011EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 3:28 p.m.25 views

CVE-2026-6970

Summary: CVE-2026-6970 affects authd prior to 0.6.4 and describes a logic error in primary group ID (GID) assignment. If a user’s GID differs from their UID (either from pre-0.5.4 account creation or via authctl group set-gid) and the identity provider record is updated, authd resets the primary ...

7.3CVSS5.2AI score0.0011EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:28 p.m.4 views

CVE-2026-6970

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID GID differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...

7.3CVSS5.2AI score0.0011EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/27 3:28 p.m.66 views

CVE-2026-6970 authd Denial of Service and Local Privilege Escalation

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID GID differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...

7.3CVSS0.0011EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.10 views

PT-2026-35449

Name of the Vulnerable Software and Affected Versions authd versions prior to 0.6.4 Description A logic error exists in the primary group ID assignment. When a user's primary group ID GID differs from their user ID UID—occurring if the account was created with versions prior to 0.5.4 or if the...

7.3CVSS5.8AI score0.0011EPSS
Exploits0References16
Rows per page
Query Builder