Lucene search
K

28865 matches found

OSV
OSV
added 6 days ago4 views

GHSA-VX8H-4PRV-G744 Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 6 days ago6 views

Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-40130

Rancher has Privilege Escalation from Project Owner to Host...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 6 days ago11 views

6 security settings every GitHub maintainer should enable this week

At GitHub Security Lab, we spend a lot of our week talking to maintainers. Some find the settings page dense and the docs sprawl. Most maintainers we talk to weren't hired to be security engineers. While this is true, ignoring a project's security settings completely will lead into leaving a lot ...

5.9AI score
Exploits0
OSV
OSV
added 6 days ago9 views

ROOT-APP-GOBINARY-CVE-2026-39831 CVE-2026-39831 in rootio-golang.org/x/crypto - Patched by Root

Root has patched CVE-2026-39831 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...

9.1CVSS5.8AI score0.00373EPSS
Exploits0
NVD
NVD
added 6 days ago8 views

CVE-2026-12090

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS0.00319EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40898

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'wppmprojfilter' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficie...

6.5CVSS5.9AI score0.00319EPSS
Exploits0References9
Nuclei
Nuclei
added 6 days ago483 views

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

9.8CVSS7.8AI score0.99628EPSS
Exploits13References7
SUSE CVE
SUSE CVE
added 6 days ago7 views

SUSE CVE-2026-13574

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8CVSS5.8AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 2:30 p.m.11 views

CVE-2026-48192

CVE-2026-48192 affects Mendix Studio Pro across multiple versions (10.x and 11.x) with a flaw where built project files are not properly validated/sanitized during the build pipeline. An attacker could trick a user into opening and running a specially crafted malicious project locally, potentiall...

6.8CVSS6.1AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 2:21 p.m.10 views

CVE-2026-44947

CVE-2026-44947 describes a missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher, affecting versions 2.13.0–2.13.7 and 2.14.0–2.14.3. The issue allows users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those per...

6.9CVSS5.7AI score0.00229EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-13573

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of th...

4.8CVSS6AI score0.00124EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53897

Name of the Vulnerable Software and Affected Versions Mendix Studio Pro versions 10.11 through 10.23 Mendix Studio Pro versions prior to 10.24.21 Mendix Studio Pro versions 11.0 through 11.5 Mendix Studio Pro versions prior to 11.6.7 Mendix Studio Pro versions 11.7 through 11.11 Description...

6.8CVSS6.3AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 10:16 p.m.6 views

CVE-2026-34592

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, Coolify server and project lookups are not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying...

7.7CVSS0.00201EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 9:47 p.m.11 views

CVE-2026-34592

CVE-2026-34592 (Coolify) affects the Coolify server and project lookup functionality. Before 4.0.0-beta.471, lookups were not scoped to the current team, allowing any authenticated user to access servers and projects belonging to other teams by specifying IDs directly. This constitutes an unauthe...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 4:16 p.m.8 views

CVE-2026-41052

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

9.4CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 4:2 p.m.15 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/29 3:41 p.m.34 views

CVE-2026-41052 Rancher Privilege Escalation from Project Owner to Host

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

9.4CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 3:41 p.m.55 views

CVE-2026-41052

Rancher CVE-2026-41052 describes improper privilege handling that enables users with the Project Owner role to escalate to host-level privileges. Affected releases include Rancher 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10. The entry provides a CVSS v4.0 score of 9.4 (CRITICA...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 3:16 p.m.4 views

UBUNTU-CVE-2026-13574

A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...

4.8CVSS5.7AI score0.00124EPSS
Exploits0References8
Rows per page
Query Builder