
25 matches found

RedhatCVE
added 2026/06/05 7:36 p.m. · 10 views

CVE-2026-41954

Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell tmsh command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of...

CVSS 6.9 · AI score 5.6 · EPSS 0.00294
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2014-2235

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.01246
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-7078

Malicious code in bioql PyPI...

CVSS 8.1 · AI score 8 · EPSS 0.00508
Exploits 1 · References 3
Positive Technologies
added 2025/03/05 12:00 a.m. · 9 views

PT-2025-9821

Name of the Vulnerable Software and Affected Versions: Kibana versions 8.15.0 through 8.17.2. Description: Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by...

CVSS 9.9 · AI score 7.9 · EPSS 0.01218
Exploits 0 · References 24
Positive Technologies
added 2024/11/22 12:00 a.m. · 4 views

PT-2024-35462 · Argo Helm

Name of the Vulnerable Software and Affected Versions: Argo Helm versions prior to 0.45.0 Description: The issue is related to the workflow-role lacking granularity in its privileges, giving unnecessary permissions to workflowtasksets and workflowartifactgctasks for all workflow Pods. This could...

CVSS 2.8 · AI score 7.1 · EPSS 0.00176
Exploits 0 · References 7
OSV
added 2024/10/04 6:50 p.m. · 9 views

GHSA-8XQ9-G7CH-35HG Parse Server's custom object ID allows to acquire role privileges

Impact If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. Patches Improved validation for custom user object IDs...

CVSS 8.6 · AI score 8.1 · EPSS 0.00414
Exploits 0 · References 7
Github Security Blog
added 2024/10/04 6:50 p.m. · 14 views

Parse Server's custom object ID allows to acquire role privileges

Impact If the Parse Server option allowCustomObjectId: true is set, an attacker that is allowed to create a new user can set a custom object ID for that new user that exploits the vulnerability and acquires privileges of a specific role. Patches Improved validation for custom user object IDs...

CVSS 8.1 · AI score 7 · EPSS 0.00414
Exploits 0 · References 7 · Affected Software 1
F5 Networks
added 2023/02/21 6:54 p.m. · 107 views

K59904248: iControl SOAP vulnerability CVE-2022-29474

Security Advisory Description A directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. CVE-2022-29474 Impact An authenticated attacker with at least guest role privileges may...

CVSS 4.3 · AI score 4.6 · EPSS 0.01469
Exploits 0 · Affected Software 13
Prion
added 2023/02/06 8:15 p.m. · 17 views

Cross site scripting

The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

CVSS 4.9 · AI score 5.3 · EPSS 0.00649
Exploits 2 · References 1 · Affected Software 1
OSV
added 2022/05/24 4:55 p.m. · 16 views

GHSA-FP37-C92Q-4PWQ Kubernetes kube-apiserver unauthorized access

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 8.1 · AI score 7.8 · EPSS 0.02092
Exploits 0 · References 14
Prion
added 2022/05/05 5:15 p.m. · 28 views

Directory traversal

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

CVSS 4 · AI score 4.4 · EPSS 0.01469
Exploits 0 · References 1 · Affected Software 11
Cvelist
added 2022/05/05 4:45 p.m. · 26 views

CVE-2022-29474

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...

CVSS 4.3 · AI score 4.7 · EPSS 0.01469
Exploits 0 · References 1
Tenable Nessus
added 2022/05/05 12:00 a.m. · 56 views

F5 Networks BIG-IP : iControl SOAP vulnerability (K59904248)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.5 / 14.1.4.6 / 15.1.5.1 / 16.1.2.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K59904248 advisory. - On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1,...

CVSS 4.3 · AI score 5.3 · EPSS 0.01469
Exploits 0 · References 2
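The four iControl SOAP entries above (K59904248 / CVE-2022-29474) describe one flaw shape: a file-serving endpoint takes a caller-supplied name, resolves it under a fixed directory and never confines the result, so a guest-role caller can walk out of that directory. The following is an added example, not F5's code and not the BIG-IP fix; the directory `WSDL_ROOT`, the name pattern and the test names are constructed. It puts the naive join beside a hardened resolver that allowlists the file name and then confirms the normalized path still lies under the root.

```python
import posixpath
import re

# Constructed directory for the example; not the real BIG-IP location.
WSDL_ROOT = "/var/wsdl"

# Allowlist for the caller-supplied name: a single path component made of
# conservative characters, ending in .wsdl (constructed policy).
WSDL_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\.wsdl")


def naive_wsdl_path(name):
    """Vulnerable pattern: concatenates the caller's name under the root.
    A name such as '../../etc/passwd' walks out of WSDL_ROOT as soon as the
    OS normalizes the path; an absolute name replaces the root outright."""
    return posixpath.normpath(posixpath.join(WSDL_ROOT, name))


def escapes_root(path):
    """True if a normalized absolute path does not live under WSDL_ROOT."""
    return posixpath.commonpath([WSDL_ROOT, path]) != WSDL_ROOT


def safe_wsdl_path(name):
    """Hardened resolver: reject anything that is not a plain file name,
    then double-check that the normalized result stays under the root.
    This is a lexical check only; a symlink planted inside the root still
    needs an os.path.realpath() containment check at open time."""
    if "\x00" in name or not WSDL_NAME.fullmatch(name):
        raise ValueError("rejected wsdl name: %r" % name)
    path = posixpath.normpath(posixpath.join(WSDL_ROOT, name))
    if escapes_root(path):
        raise ValueError("path escapes root: %r" % path)
    return path
```

`fullmatch` rather than `match` with `$` matters here: `$` accepts a trailing newline, so `"Common.wsdl\n"` would pass a `^...$` pattern and reach the filesystem.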
RedhatCVE
added 2020/04/09 10:00 a.m. · 31 views

CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 8.1 · AI score 3.7 · EPSS 0.02092
Exploits 0 · References 4
Cvelist
added 2019/08/29 12:25 a.m. · 22 views

CVE-2019-11247 Kubernetes kube-apiserver allows access to custom resources via wrong scope

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 5 · AI score 7.9 · EPSS 0.02092
Exploits 0 · References 7
Debian CVE
added 2019/08/29 12:25 a.m. · 24 views

CVE-2019-11247

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with...

CVSS 8.1 · AI score 6.1 · EPSS 0.02092
Exploits 0
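The four CVE-2019-11247 entries above all state the same mechanism: the apiserver derives the request's namespace from the URL path, and if a cluster-scoped custom resource is requested through a namespaced path, authorization is evaluated against Role/RoleBinding objects in that namespace. The following is an added example, a stripped-down model and not kube-apiserver code; the `widgets.example.com` resources, the `dev` user and the binding are constructed, and the exact behaviour of the upstream fix is not on this page. It shows an authorizer that trusts the path's namespace beside one that checks the resource's real scope first.

```python
import re
from dataclasses import dataclass

# Constructed CRD registry: (API group, plural resource) -> scope.
RESOURCE_SCOPE = {
    ("widgets.example.com", "widgets"): "Cluster",
    ("widgets.example.com", "gadgets"): "Namespaced",
}

# Constructed subset of the API path grammar:
#   /apis/<group>/<version>[/namespaces/<ns>]/<resource>[/<name>]
PATH_RE = re.compile(
    r"/apis/(?P<group>[^/]+)/(?P<version>[^/]+)"
    r"(?:/namespaces/(?P<namespace>[^/]+))?"
    r"/(?P<resource>[^/]+)(?:/(?P<name>[^/]+))?"
)


@dataclass(frozen=True)
class Attrs:
    user: str
    verb: str
    group: str
    resource: str
    namespace: str  # "" for a cluster-scoped request


@dataclass(frozen=True)
class Rule:
    group: str
    resource: str
    verbs: frozenset


@dataclass(frozen=True)
class Binding:
    """A RoleBinding (namespace set) or ClusterRoleBinding (namespace "")."""
    user: str
    namespace: str
    rules: tuple


def request_attrs(user, verb, path, check_scope):
    """Derive authorization attributes from the URL.
    check_scope=False reproduces the bug: the namespace in the path is
    trusted even for a cluster-scoped resource. check_scope=True consults
    the resource's registered scope and refuses a namespaced path for it."""
    m = PATH_RE.fullmatch(path)
    if not m:
        raise ValueError("unrecognized path")
    group, resource = m.group("group"), m.group("resource")
    namespace = m.group("namespace") or ""
    if check_scope:
        scope = RESOURCE_SCOPE.get((group, resource))
        if scope is None:
            raise ValueError("unknown resource")
        if scope == "Cluster" and namespace:
            raise ValueError("cluster-scoped resource addressed via a namespace")
    return Attrs(user, verb, group, resource, namespace)


def rbac_allows(attrs, bindings):
    """RBAC evaluation: a namespaced binding only covers requests whose
    namespace attribute equals the binding's namespace, which is exactly
    why a namespaced path lets a namespace-scoped Role reach a cluster-scoped object."""
    for b in bindings:
        if b.user != attrs.user:
            continue
        if b.namespace and b.namespace != attrs.namespace:
            continue
        for r in b.rules:
            if (r.group, r.resource) == (attrs.group, attrs.resource) and attrs.verb in r.verbs:
                return True
    return False


def authorize(user, verb, path, bindings, check_scope):
    """Full decision: attribute derivation followed by RBAC; malformed or
    wrongly-scoped paths are denied outright."""
    try:
        attrs = request_attrs(user, verb, path, check_scope)
    except ValueError:
        return False
    return rbac_allows(attrs, bindings)


# Constructed policy: 'dev' may read widgets, but only via a RoleBinding in team-a.
DEMO_BINDINGS = (
    Binding("dev", "team-a",
            (Rule("widgets.example.com", "widgets", frozenset({"get", "list"})),)),
)
```

With `check_scope=False` the namespaced path `/apis/widgets.example.com/v1/namespaces/team-a/widgets/w1` is granted by the team-a RoleBinding even though `widgets` is cluster-scoped; the same user is correctly denied on the cluster-scoped path, which is the asymmetry the advisory describes.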
Prion
added 2014/05/20 11:13 a.m. · 17 views

Design/Logic Flaw

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085...

CVSS 4.3 · AI score 7.6 · EPSS 0.01246
Exploits 0 · References 2
Cvelist
added 2014/05/20 10:00 a.m. · 22 views

CVE-2014-2195

Cisco AsyncOS on Email Security Appliance (ESA) and Content Security Management Appliance (SMA) devices, when Active Directory is enabled, does not properly handle group names, which allows remote attackers to gain role privileges by leveraging group-name similarity, aka Bug ID CSCum86085...

AI score 7 · EPSS 0.01246
Exploits 0 · References 2
NVD
added 2012/09/18 5:55 p.m. · 26 views

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

CVSS 4 · AI score 6.1 · EPSS 0.01881
Exploits 0 · References 7
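The CVE-2012-4413 entry above describes a stale-authorization problem: a token issued while a user held a role keeps conferring that role after the role is revoked, because nothing ties token validity to subsequent assignment changes. The following is an added example, not Keystone's code and not its fix; the `IdentityStore`, the HMAC token format and the `alice`/`admin` data are constructed. It shows the vulnerable validator that trusts the roles baked into a still-valid token next to one that refuses tokens older than the user's last grant or revocation and reads the effective roles from the store.

```python
import hashlib
import hmac
import json
import os

# Constructed signing key for the demo; keep real keys out of source.
SECRET = os.urandom(32)


class IdentityStore:
    """Minimal role registry (constructed): current assignments plus a
    monotonically increasing change counter, so a validator can tell whether
    a token predates the user's most recent grant or revocation."""

    def __init__(self):
        self.roles = {}        # user -> set of role names
        self.last_change = {}  # user -> counter value at last grant/revoke
        self.counter = 0

    def _bump(self, user):
        self.counter += 1
        self.last_change[user] = self.counter

    def grant(self, user, role):
        self.roles.setdefault(user, set()).add(role)
        self._bump(user)

    def revoke(self, user, role):
        self.roles.setdefault(user, set()).discard(role)
        self._bump(user)


def issue_token(user, store):
    """Sign a token carrying the roles held at issuance and the store counter."""
    body = {"user": user,
            "roles": sorted(store.roles.get(user, ())),
            "issued_at": store.counter}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    return payload.hex() + "." + sig


def _verify(token):
    """Check the HMAC and return the decoded body; raises ValueError on tampering."""
    payload_hex, _, sig = token.partition(".")
    payload = bytes.fromhex(payload_hex)
    expected = hmac.new(SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad token signature")
    return json.loads(payload)


def roles_from_token_only(token):
    """Vulnerable pattern (the CVE-2012-4413 shape): the roles baked into a
    correctly signed token are trusted, so a revoked role keeps working
    until the token expires on its own."""
    return set(_verify(token)["roles"])


def roles_checked_against_store(token, store):
    """Hardened pattern: a good signature is necessary but not sufficient.
    Tokens issued before the user's last assignment change are refused, and
    the effective roles come from the store rather than from the token."""
    body = _verify(token)
    user = body["user"]
    if body["issued_at"] < store.last_change.get(user, 0):
        raise PermissionError("token predates a role change; re-authenticate")
    return set(store.roles.get(user, ()))
```

Either half of the hardened check would close the hole on its own (rejecting pre-change tokens, or ignoring the embedded role list); doing both means a token that slips past one check still cannot carry a revoked role.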
NVD
added 2008/06/18 10:41 p.m. · 16 views

CVE-2008-2768

Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to inject arbitrary web script or HTML via unspecified vectors "all fields"...

CVSS 3.5 · AI score 5.2 · EPSS 0.00892
Exploits 1 · References 5