
36 matches found

OSV
added 3 days ago · 5 views

PYSEC-2026-452 pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 · AI score 6.1 · EPSS 0.00455
Exploits: 0 · References: 6

EUVD
added 2026/05/11 6:31 p.m. · 12 views

EUVD-2026-29081

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 · AI score 6.1 · EPSS 0.00455
Exploits: 0 · References: 3

Github Security Blog
added 2026/05/11 6:31 p.m. · 15 views

pgAdmin 4 server mode has an authorization vulnerability affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 · AI score 6.1 · EPSS 0.00455
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2026/05/11 4:17 p.m. · 12 views

CVE-2026-7813

Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects without filtering by the requesting user's identity. An authenticated user could access another user's...

CVSS 9.9 · EPSS 0.00455
Exploits: 0 · References: 2

Positive Technologies
added 2026/05/11 12:0 a.m. · 12 views

PT-2026-39623

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description An authorization issue in server mode affects the Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fail to filter user-owned objects by the...

CVSS 9.9 · AI score 6 · EPSS 0.00455
Exploits: 0 · References: 12

Github Security Blog
added 2025/12/30 11:45 p.m. · 8 views

theshit vulnerable to unsafe loading of user-owned Python rules when running as root

Impact Vulnerability Type: Local Privilege Escalation LPE / Arbitrary Code Execution. The application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when executed with elevated privileges. If the...

CVSS 6.7 · AI score 7.4 · EPSS 0.0012
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2025/11/25 12:16 a.m. · 4 views

MAL-2025-191392 Malicious code in create-silgi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8d1bd1ddfab5f3ea6caf4f09a93f2ef08f7298e2d68892949e0a6f2975cd1b78 The package create-silgi was found to contain malicious code. Source: google-open-source-security...

AI score 6.8
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2004-1114

Malware in sbrugna...

CVSS 7.2 · AI score 6.4 · EPSS 0.00384
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/07 12:0 a.m. · 6 views

PT-2024-7926 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.13.0 through 3.13.1 GitHub Enterprise Server versions prior to 3.13.2 Description: The issue is related to an authorization bypass vulnerability in GitHub Enterprise Server, allowing unauthorized internal...

CVSS 6.8 · AI score 7 · EPSS 0.00339
Exploits: 0 · References: 11

OSV
added 2024/08/10 7:27 a.m. · 14 views

BIT-GITLAB-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVSS 8.1 · AI score 6.8 · EPSS 0.00355
Exploits: 0 · References: 3

UbuntuCve
added 2024/08/08 11:15 a.m. · 17 views

CVE-2024-3035

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVSS 8.1 · AI score 5.9 · EPSS 0.00355
Exploits: 0 · References: 3

Debian CVE
added 2024/08/08 10:31 a.m. · 18 views

CVE-2024-3035

Removed by vendor...

CVSS 8.1 · AI score 5.8 · EPSS 0.00355
Exploits: 0

Vulnrichment
added 2024/08/08 10:31 a.m. · 29 views

CVE-2024-3035 Authorization Bypass Through User-Controlled Key in GitLab

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories...

CVSS 6.8 · AI score 6.5 · EPSS 0.00355
Exploits: 0 · References: 2

OpenVAS
added 2024/07/01 12:0 a.m. · 21 views

Huawei EulerOS: Security Advisory for docker-runc (EulerOS-SA-2024-1853)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.3 · AI score 6.5 · EPSS 0.00327
Exploits: 1 · References: 2

Veracode
added 2023/04/05 8:16 a.m. · 31 views

Improper Access Control

github.com/opencontainers/runc is vulnerable to Improper Access Control. The vulnerability exists because the rootless runc makes /sys/fs/cgroup writable when runc is executed inside the user namespace, and the config.json does not specify the cgroup namespace to be unshared e.g.,...

CVSS 6.3 · AI score 6.6 · EPSS 0.00327
Exploits: 1 · References: 3 · Affected Software: 1

F5 Networks
added 2023/02/21 7:54 p.m. · 50 views

K21766035: mod_perl vulnerability CVE-2011-2767

Security Advisory Description: mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configuration option that permits Perl code for the administrator's control of HTTP request...

CVSS 10 · AI score 8.2 · EPSS 0.08946
Exploits: 0

Veracode
added 2020/08/06 9:34 p.m. · 23 views

Privilege Escalation

HylaFAX+ is vulnerable to privilege escalation. The faxsetup utility performs chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

CVSS 7.8 · AI score 3.7 · EPSS 0.00387
Exploits: 1 · References: 11 · Affected Software: 1

OSV
added 2020/06/30 12:15 p.m. · 26 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

CVSS 7.8 · AI score 6.6
Exploits: 0 · References: 9

OSV
added 2020/06/30 12:15 p.m. · 2 views

ALPINE-CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

CVSS 7.8 · AI score 6.8 · EPSS 0.00387
Exploits: 1 · References: 1

Cvelist
added 2020/06/30 11:17 a.m. · 37 views

CVE-2020-15396

In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root...

AI score 7.4 · EPSS 0.00387
Exploits: 1 · References: 9