Lucene search
K

12085 matches found

Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54763

Name of the Vulnerable Software and Affected Versions Rancher Fleet affected versions not specified Description An authentication bypass exists in the webhook component. Additionally, a Pod Security Standard PSS bypass can be achieved through the manipulation of namespace labels. Recommendations ...

8.8CVSS5.7AI score0.00508EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/30 9:36 p.m.17 views

CVE-2026-54516

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security controls by exploiting an issue in how properties are handled when both @JsonProperty for renaming and @JsonIgnore for ignoring annotations are used. By supplying a specially crafted JSON key, an...

5.3CVSS5.7AI score0.00282EPSS
Exploits0References8
NVD
NVD
added 2026/06/30 9:16 p.m.9 views

CVE-2025-36327

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:17 p.m.7 views

EUVD-2025-210378

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:17 p.m.31 views

CVE-2025-36327 Vulnerabilities found in Watson Data Intelligence

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security...

6.5CVSS0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:17 p.m.18 views

CVE-2025-36327

CVE-2025-36327 affects IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, and 5.3.0. An authenticated user can bypass security controls and perform unauthorized actions due to client-side enforcement of server-side security. The issue is described as a failure of client-side controls to enforce s...

6.5CVSS5.8AI score0.0036EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/30 4:16 p.m.9 views

CVE-2026-48314

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain limited read and write access to...

6.5CVSS0.00333EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.7 views

CVE-2026-48285

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 3:12 p.m.44 views

CVE-2026-48285 ColdFusion | Server-Side Request Forgery (SSRF) (CWE-918)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue...

8.6CVSS0.00439EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 1:17 p.m.11 views

CVE-2026-12388

A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5CVSS0.00233EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 12:0 p.m.8 views

CVE-2026-12388

A flaw was found in the Identity Provider IdP mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role"...

6.5CVSS5.6AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:48 a.m.32 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS0.00173EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 10:38 a.m.5 views

vim: arbitrary command execution via modeline sandbox bypass

A flaw was found in Vim. A modeline is used to set specific editor options directly from a text file. However, the complete, guitabtooltip, printheader options and the mapset function lack proper security checks, allowing an attacker to bypass restrictions and cause arbitrary OS command execution...

8.2CVSS5.9AI score0.0047EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/30 8:17 a.m.8 views

CVE-2026-53537

A flaw was found in Python-Multipart. This vulnerability allows a remote attacker to bypass security controls by exploiting a difference in how Content-Disposition and Content-Type headers are parsed. Specifically, the parseoptionsheader function incorrectly applies RFC 2231/5987 decoding, which ...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 7:49 a.m.31 views

CVE-2026-53434

A flaw was found in Apache Tomcat. When configuring Certificate Revocation Lists CRLs for a FFM presumably a specific type of connector, the system fails to detect and act upon an error condition. This oversight could lead to unexpected behavior or a security bypass, as the intended security...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 3:1 a.m.12 views

CVE-2026-53404

A flaw was found in Apache Tomcat's rewrite valve. This vulnerability involves an incorrect control flow implementation where, during the processing of rewrite rules, if the first condition in an OR chain matched, subsequent non-OR conditions were unexpectedly skipped. This can lead to unintended...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 12:0 a.m.5 views

ALSA-2026:33515 Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses CVE-2026-42245 ruby/net-imap: ruby: Net::IMAP: IMAP Comman...

7.6CVSS5.9AI score0.00813EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53979

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description An authenticated user can bypass security controls and perform unauthorized actions. This occurs because security checks that should be enforced on the server are instead...

6.5CVSS6AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54153

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Network component allows an attacker in a privileged network position to bypass the content security policy CSP, which is a security layer that...

9.8CVSS5.8AI score0.00413EPSS
Exploits0References447
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.6 views

gnutls: gnutls: Security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References5
Rows per page
Query Builder