Lucene search
K

1041 matches found

CVE
CVE
added 2026/05/19 9:39 p.m.28 views

CVE-2026-34358

CtrlPanel (open-source billing software) exposes a broken access control in versions 1.1.1 and earlier due to missing authorization on admin write endpoints. Several controllers (ApplicationApiController admin.api.write; CouponController admin.coupons.write; PartnerController admin.partners.write...

8.1CVSS5.9AI score0.00297EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 7:30 p.m.25 views

Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

5.9AI score
Exploits0References5Affected Software3
Rosalinux
Rosalinux
added 2026/05/19 2:18 p.m.13 views

Advisory ROSA-SA-2026-3280

software: etcd 3.6.10 OS: ROSA-CHROME unaffected versions = etcd-3.6.10-1 affected versions etcd-3.6.10-1 CVE-ID: CVE-2026-33343 BDU-ID: None CVE-Crit: NO DATA CVE-DESC.: A vulnerability in etcd allows an authenticated user with limited RBAC rights to bypass key-level authorization using nested...

6.5CVSS5.7AI score0.0021EPSS
Exploits0
OSV
OSV
added 2026/05/18 5:39 a.m.6 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/18 12:0 a.m.63 views

📄 Bichon 1.0.2 Privilege Escalation

Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality. Bichon 1.0.2 Vertical Privilege Escalation via Account Role Assignment ====================================================================== Vendor: rustmailer Product:...

5.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.13 views

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

...

6.5CVSS5.8AI score0.00225EPSS
Exploits0
NVD
NVD
added 2026/05/14 7:16 p.m.13 views

CVE-2026-45371

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs. POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST...

7.2CVSS0.00207EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 p.m.14 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/14 5:1 p.m.20 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 5:1 p.m.11 views

EUVD-2026-30345

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

5.8AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 5:1 p.m.33 views

CVE-2026-44283

CVE-2026-44283 affects etcd, a distributed key-value store. The issue: in nested transaction operations, read access via PrevKv or lease attachment in Put requests can bypass RBAC authorization checks. This could allow an authenticated user with limited read or lease permissions to access data th...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/05/14 4:33 p.m.12 views

Missing Authorization

Overview github.com/portainer/portainer/api/http/proxy/factory/docker is a management UI which allows to manage different Docker environments. Affected versions of this package are vulnerable to Missing Authorization in the enforcement of endpoint security restrictions for non-admin users on Dock...

9.9CVSS5.7AI score0.00347EPSS
Exploits1References2
OSV
OSV
added 2026/05/14 4:22 p.m.5 views

GHSA-RRMM-9V76-H3P4 Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

9.4CVSS6AI score0.00328EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/14 4:22 p.m.19 views

Portainer missing authorization on Docker plugin endpoints, which allows host RCE

Summary Portainer enforces Role-Based Access Control RBAC on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers containers, images, services, volumes, etc. that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...

9.4CVSS6AI score0.00328EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

etcd 安全漏洞

Etcd is an open-source key-value storage system for distributed systems, written in the Go language. There are security vulnerabilities in versions of etcd prior to 3.4.44, 3.5.30, and 3.6.11. These vulnerabilities stem from transactions that bypass RBAC authorization checks through PrevKv or Put...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

4.3CVSS5.6AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/12 5:57 p.m.33 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS0.00171EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 5:57 p.m.12 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 12:32 p.m.13 views

EUVD-2025-209759

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

6.3CVSS5.8AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 10:16 a.m.29 views

CVE-2025-8325

The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x...

8.8CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder