
54 matches found

Microsoft CVE
added 2026/06/18 2:0 p.m. | 10 views

Azure Active Directory Elevation of Privilege Vulnerability

Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 5.9 | EPSS 0.00562
Exploits 0
EUVD
added 2026/05/22 10:4 p.m. | 9 views

EUVD-2026-31522

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 5.8 | EPSS 0.00301
Exploits 0 | References 1
CNNVD
added 2026/05/07 12:0 a.m. | 7 views

Microsoft Azure AI Foundry M365 Published Agents Access Control Error Vulnerability

Microsoft Azure AI Foundry M365 Published Agents are a series of enterprise-level intelligent agents provided by the American company Microsoft. There is an access control vulnerability in Microsoft Azure AI Foundry M365 Published Agents. This vulnerability stems from improper access control, whi...

CVSS 10 | AI score 5.8 | EPSS 0.01164
Exploits 0 | References 2
CNNVD
added 2026/05/06 12:0 a.m. | 7 views

HCL BigFix Service Management Log Information Disclosure Vulnerability

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to log information leakage. This vulnerability stems from ineffective access control, which may lead to unauthoriz...

CVSS 8.3 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 1
CNNVD
added 2026/03/26 12:0 a.m. | 9 views

Keycloak Security Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak, which stems from improper configuration of manage-clients permissions, potentially leading to unauthorized privilege escalation...

CVSS 7.2 | AI score 5.8 | EPSS 0.00471
Exploits 0 | References 3
RedhatCVE
added 2026/02/26 4:15 a.m. | 5 views

CVE-2026-2914

CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs...

CVSS 8.5 | AI score 5.3 | EPSS 0.00146
Exploits 0 | References 1
CNNVD
added 2026/02/15 12:0 a.m. | 6 views

eNet SMART HOME server Security Vulnerability

The eNet SMART HOME server is a wireless smart home console developed by the German company eNet. There are security vulnerabilities in the eNet SMART HOME server 2.2.1 and 2.3.1 versions. These vulnerabilities stem from insufficient authorization checks in the setUserGroup JSON-RPC method, which...

CVSS 9.8 | AI score 5.8 | EPSS 0.00637
Exploits 2 | References 2
CNNVD
added 2026/01/22 12:0 a.m. | 6 views

WordPress plugin xSmart has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8 | AI score 5.8 | EPSS 0.00405
Exploits 0 | References 1
Positive Technologies
added 2026/01/22 12:0 a.m. | 7 views

PT-2026-4312

Name of the Vulnerable Software and Affected Versions: Azure Front Door AFD (affected versions not specified). Description: An improper access control issue exists in Azure Front Door AFD. This allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there i...

CVSS 9.8 | AI score 5.3 | EPSS 0.00781
Exploits 0 | References 6
RedhatCVE
added 2026/01/09 10:19 a.m. | 7 views

CVE-2019-18916

A potential security vulnerability has been identified for HP LaserJet Solution Software for certain HP LaserJet Printers which may lead to unauthorized elevation of privilege on the client...

CVSS 7.8 | AI score 7.1 | EPSS 0.00241
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-25589

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.00607
Exploits 0 | References 1
Vulnrichment
added 2025/09/18 7:11 p.m. | 6 views

CVE-2025-10650 Improper SSH Key Handling in Internal Debug Builds May Grant Cluster-Level Access to Non-Administrative Users

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH. Affects non-production debug and internal development builds created between versions 2.5.0 a...

CVSS 1.8 | AI score 5.5 | EPSS 0.00114
Exploits 0 | References 1
Tenable Nessus
added 2025/03/05 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2023-30630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible...

CVSS 7.1 | AI score 6.8 | EPSS 0.00523
Exploits 1 | References 3
CVE
added 2024/10/04 3:6 p.m. | 52 views

CVE-2024-47183

Summary: Parse Server vulnerability CVE-2024-47183 arises when allowCustomObjectId: true is enabled. An attacker allowed to create a new user can set a custom object ID and thereby acquire privileges of a specific role. This is mitigated by fixed versions 6.5.9 and 7.3.0. What’s affected: Parse S...

CVSS 8.1 | AI score 7.8 | EPSS 0.00414
Exploits 0 | References 5 | Affected Software 1
CVE
added 2024/08/28 8:17 p.m. | 52 views

CVE-2024-45058

CVE-2024-45058 affects Portabilis Portábilis i-Educar prior to version 2.9. The issue resides in ieducar/intranet/educar_usuario_cad.php where a crafted POST to /intranet/educar_usuario_cad.php can change a user’s type by altering the nivel_usuario_ parameter, because the script does not verify t...

CVSS 8.1 | AI score 8 | EPSS 0.01365
Exploits 2 | References 2 | Affected Software 1
NVD
added 2024/06/27 7:15 p.m. | 20 views

CVE-2024-5714

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVSS 7.4 | EPSS 0.00512
Exploits 1 | References 2
Vulnrichment
added 2024/06/27 6:42 p.m. | 21 views

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVSS 7.4 | AI score 6.8 | EPSS 0.00512
Exploits 1 | References 2
Cvelist
added 2024/06/27 6:42 p.m. | 32 views

CVE-2024-5714 Improper Access Control in lunary-ai/lunary

In lunary-ai/lunary version 1.2.4, an improper access control vulnerability allows members with team management permissions to manipulate project identifiers in requests, enabling them to invite users to projects in other organizations, change members to projects in other organizations with...

CVSS 7.4 | EPSS 0.00512
Exploits 1 | References 2
Tenable Nessus
added 2024/06/03 12:0 a.m. | 18 views

RHEL 7 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: Unauthorized privilege escalation in sudoedit CVE-2015-5602 - sudo: by using ! character in the...

CVSS 7.5 | AI score 7.3 | EPSS 0.03295
Exploits 5 | References 5
OSV
added 2024/02/28 3:15 p.m. | 5 views

CVE-2023-6917

A vulnerability has been identified in the Performance Co-Pilot PCP package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges...

CVSS 6.7 | AI score 6.8 | EPSS 0.002
Exploits 0 | References 3