Lucene search
K

1042 matches found

OSV
OSV
added 2026/06/10 9:53 a.m.3 views

SUSE-SU-2026:22095-1 Security update for mariadb

This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168:...

10CVSS7.6AI score0.00998EPSS
Exploits1References25
SUSE Linux
SUSE Linux
added 2026/06/10 7:39 a.m.8 views

Security update for mariadb

This update for mariadb fixes the following issues: CVE-2026-3494: audit plugin comment handling bypass bsc1259176. CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. CVE-2026-44168: wsrep SST unsafe parameter...

9.4CVSS7.1AI score0.00998EPSS
Exploits1References48
OSV
OSV
added 2026/06/10 7:39 a.m.5 views

SUSE-SU-2026:2330-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168: wsrep SST unsafe...

10CVSS7.2AI score0.00998EPSS
Exploits1References25
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.39 views

PT-2026-48511

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.24.0 Description An issue exists in the Kubernetes-native serverless framework where a tenant with environments.fission.io create/update RBAC permissions can deploy containers with privileged access,...

9.9CVSS5.8AI score0.0029EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/08 7:9 p.m.36 views

CVE-2026-46484 Headplane: Path Traversal + RBAC Bypass in renameNode allows authenticated OIDC users to expire or rename any node/user

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.19 views

PT-2026-47624

Name of the Vulnerable Software and Affected Versions Arc versions prior to 2026.06.1 Description An authenticated user can read arbitrary local files by bypassing the user-SQL validator and RBAC table-reference extraction. The validator in internal/api/query.go:ValidateSQLRequest used a regex...

7.1CVSS6AI score0.00029EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/06 3:18 a.m.4 views

SUSE CVE-2025-24784

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. The policy group feature, added to by the 1.17.0 release. By being namespaced, the AdmissionPolicyGroup has a well constrained impact on cluster resources. Hence, it's considere...

4.3CVSS7AI score0.00282EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-44283

A flaw was found in etcd, a distributed key-value store. An authenticated user, without sufficient read or lease-related permissions, could bypass Role-Based Access Control RBAC authorization checks. This bypass occurs during transaction operations involving PrevKv or lease attachment in Put...

5.4CVSS5.8AI score0.00225EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41890

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

6.9CVSS5.5AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.6AI score0.00297EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 5:16 p.m.18 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS0.00262EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.13 views

CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

4.1CVSS5.8AI score0.04102EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.15 views

CVE-2026-44848

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

9.4CVSS5.7AI score0.00328EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/29 5:58 p.m.13 views

CVE-2026-47744 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS6AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 5:58 p.m.32 views

CVE-2026-47744 Shopper: Authorization bypass and RBAC privilege escalation in team settings

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS0.00321EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:23 p.m.9 views

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References3
CVE
CVE
added 2026/05/29 3:23 p.m.24 views

CVE-2026-10101

The CVE-2026-10101 issue affects the OpenShift ACM/MCE assisted-service: pull-secret validation failures cause raw referenced pull-secret content to be written into InfraEnv.status.conditions[].message. A namespace viewer with only the view ClusterRole can read InfraEnv objects and reconstruct th...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/29 12:0 a.m.10 views

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

6CVSS6AI score0.00329EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-42999

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body...

8.8CVSS5.7AI score0.00329EPSS
Exploits1References2
Rows per page
Query Builder