
1038 matches found

Cvelist
added 2026/05/09 3:44 a.m., 43 views

CVE-2026-42183 Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVSS 2.3, EPSS 0.00377
Exploits: 1, References: 3
EUVD
added 2026/05/09 3:44 a.m., 6 views

EUVD-2026-28891

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization causes a panic denial of service for SSO users whose claims match a...

CVSS 2.3, AI score 5.7, EPSS 0.00377
Exploits: 1, References: 3
CVE
added 2026/05/09 3:44 a.m., 14 views

CVE-2026-42183

CVE-2026-42183 affects Argo Workflows (versions 4.0.0–4.0.4) where a nil pointer dereference in server/auth/gatekeeper.go rbacAuthorization() can cause a denial of service for SSO users when SSO_DELEGATE_RBAC_TO_NAMESPACE is true. The issue arises for claims matching a namespace-level RBAC rule b...

CVSS 6.5, AI score 5.7, EPSS 0.00377
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2026/05/08 5:24 p.m., 13 views

ExternalSecrets vulnerable to privilege escalation with secret overwriting

ExternalSecrets allows users to craft Service Account tokens for misconfigured Service Accounts in namespaces the users have access to. Impact A user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populate wi...

CVSS 4.9, AI score 5.8, EPSS 0.00214
Exploits: 0, References: 5, Affected Software: 1
ATTACKERKB
added 2026/05/08 2:27 p.m., 7 views

CVE-2026-41487

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

CVSS 5.3, AI score 5.7, EPSS 0.00181
Exploits: 0, References: 7, Affected Software: 1
CVE
added 2026/05/08 2:27 p.m., 28 views

CVE-2026-41487

CVE-2026-41487 affects Langfuse (open source LLM engineering platform). From version 3.68.0 up to before 3.167.0, a role-based access control flaw in the LLM connection update flow allowed an authenticated, low-privilege user with the role “member” in a project to request updating an LLM connecti...

CVSS 5.4, AI score 5.7, EPSS 0.00181
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2026/05/08 2:27 p.m., 9 views

CVE-2026-41487 Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys

Langfuse is an open source large language model engineering platform. From version 3.68.0 to before version 3.167.0, there is a role-based-access control flaw in the LLM connection update flow. An authenticated, low-privileged user of role “member” in a project could request the update of an...

CVSS 5.3, AI score 5.7, EPSS 0.00181
Exploits: 0, References: 6
CNNVD
added 2026/05/08 12:00 a.m., 11 views

langfuse access control error vulnerability

Langfuse is an open-source large language model engineering platform developed by Langfuse. Versions 3.68.0 to 3.167.0 contained an access control vulnerability. This vulnerability stemmed from a role-based access control flaw in the LLM connection update process. It could allow low-privilege user...

CVSS 5.4, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 1
Positive Technologies
added 2026/05/08 12:00 a.m., 17 views

PT-2026-39011

Name of the Vulnerable Software and Affected Versions Langfuse versions 3.68.0 through 3.166.0 Description A role-based access control flaw exists in the LLM connection update flow. An authenticated user with the "member" role in a project can request an update to an existing LLM connection by...

CVSS 5.4, AI score 5.8, EPSS 0.00181
Exploits: 0, References: 9
ATTACKERKB
added 2026/05/07 3:24 a.m., 7 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS 5.3, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/05/07 3:24 a.m., 8 views

EUVD-2026-28294

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS 5.3, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 2
Github Security Blog
added 2026/05/07 3:21 a.m., 15 views

etcd RBAC bypass allows unauthorized data access via PrevKv/lease attachment in nested transaction Put requests

Impact What kind of vulnerability is it? Who is impacted? A vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user without sufficient read or lease-related permissions may b...

CVSS 4.3, AI score 5.8, EPSS 0.00225
Exploits: 0, References: 3, Affected Software: 2
Github Security Blog
added 2026/05/07 1:56 a.m., 37 views

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. Details Argo CD masks Secret...

CVSS 9.6, AI score 5.8, EPSS 0.00505
Exploits: 2, References: 3, Affected Software: 1
EUVD
added 2026/05/06 6:30 p.m., 12 views

EUVD-2026-27862

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/06 4:15 p.m., 8 views

CVE-2026-20193

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/05/06 4:15 p.m., 36 views

CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability

A vulnerability in the RADIUS Policy API endpoints of Cisco ISE could allow an authenticated, remote attacker with read-only Administrator privileges to gain unauthorized access to sensitive information on an affected device. This vulnerability is due to improper role-based access control RBAC...

CVSS 4.3, EPSS 0.00221
Exploits: 0, References: 1
Positive Technologies
added 2026/05/06 12:00 a.m., 15 views

PT-2026-37657

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Description Improper role-based access control RBAC permissions on the RADIUS Policy API endpoints allow an authenticated remote attacker with read-only Administrator privileges to gain unauthorized re...

CVSS 4.3, AI score 5.9, EPSS 0.00221
Exploits: 0, References: 5
CNNVD
added 2026/05/06 12:00 a.m., 10 views

Cisco ISE security vulnerability

Cisco ISE is a NAC solution developed by the American company Cisco. It is used to manage access to network resources for endpoints, users, and devices in a zero-trust architecture. Cisco ISE has a security vulnerability that stems from improper role-based access control permissions on the RADIUS...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 1
Packet Storm News
added 2026/05/06 12:00 a.m., 20 views

SecureMCP: A Policy-Enforced LLM Data Access Framework for AIoT Systems Via Model Context Protocol

The deployment of Large Language Model (LLM)-generated SQL queries in Artificial Intelligence of Things (AIoT) systems introduces critical security risks, as prompt injection attacks can manipulate LLMs into producing unauthorized queries that expose sensitive data or execute destructive operations...

AI score 6.2
Exploits: 0
Tenable Nessus
added 2026/05/06 12:00 a.m., 14 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-unauth-bypass-uxjRXGpb)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists becaus...

CVSS 5.3, AI score 5.8, EPSS 0.00275
Exploits: 0, References: 5