Lucene search
K

565 matches found

RedHat Linux
RedHat Linux
added 5 days ago10 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago5 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago7 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago4 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago3 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 6 days ago3 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.7 views

RockyLinux 10 : firefox (RLSA-2026:27733)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27733 advisory. firefox: thunderbird: Sandbox escape in the DOM: Workers component CVE-2026-12294 firefox: thunderbird: Information disclosure, sandbox escape in the...

9.6CVSS6AI score0.00476EPSS
Exploits0References59
RedhatCVE
RedhatCVE
added 2026/06/23 7:44 a.m.6 views

CVE-2026-44173

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References5
CVE
CVE
added 2026/06/11 9:22 p.m.20 views

CVE-2026-45174

The vulnerability CVE-2026-45174 affects Idira Endpoint Privilege Manager Linux Agent prior to version 26.5. A local attacker could potentially bypass the agent daemon initialization process, enabling compromise of the daemon initialization sequence. Affected component: Idira EPM Linux Agent; roo...

8.5CVSS5.5AI score0.00126EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of the American company Splunk. Splunk Cloud Platform is a powerful service for data collection, processing, and analysis. Splunk Enterprise is a suite of software for data collection and analysis. There is an input validation...

5.7CVSS5.9AI score0.00247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.12 views

CVE-2026-31369

PcManager is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

3.2CVSS5.4AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 7:47 p.m.37 views

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS0.00155EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the function fsnotifygetmarksafe in fanotify. This function may return false positives for...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Amazon Linux 2023 : docker (ALAS2023-2026-1659)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1659 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:27 a.m.8 views

CVE-2026-7648

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, whi...

4.3CVSS5.8AI score0.00423EPSS
Exploits0References9
Amazon
Amazon
added 2026/05/14 12:0 a.m.10 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Amazon
Amazon
added 2026/05/14 12:0 a.m.11 views

Medium: docker

Issue Overview: Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may...

8.1CVSS5.8AI score0.00387EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-114 (ALASDOCKER-2026-114)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-114 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

Amazon Linux 2 : docker, --advisory ALAS2NITRO-ENCLAVES-2026-100 (ALASNITRO-ENCLAVES-2026-100)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-100 advisory. Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been...

8.4CVSS5.8AI score0.00387EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Wagtail 安全漏洞

Wagtail is an open-source content management system CMS developed by Wagtail. Versions of Wagtail prior to 7.0.7, 7.3.2, and 7.4 contained security vulnerabilities. These vulnerabilities stemmed from the ability for CMS users to submit content by constructing forms that allowed them to delete for...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References1
Rows per page
Query Builder