Search Results (138 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-50405 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 7.8 High
Insufficient granularity of access control in Windows Filtering Platform (WFP) allows an authorized attacker to elevate privileges locally.
CVE-2026-50502 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2026-07-15 8 High
Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network.
CVE-2026-49170 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2026-07-15 7.8 High
Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally.
CVE-2026-56155 1 Microsoft 8 Windows 10 1607, Windows 10 1809, Windows Server 2012 and 5 more 2026-07-14 7.8 High
Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally.
CVE-2026-55006 1 Microsoft 3 Exchange Server 2016, Exchange Server 2019, Exchange Server Se 2026-07-14 7.8 High
Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.
CVE-2026-48581 1 Microsoft 10 Surface Go 2, Surface Go 3, Surface Hub and 7 more 2026-07-14 7.8 High
Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally.
CVE-2026-44918 1 Openstack 1 Ironic 2026-07-10 5.5 Medium
OpenStack Ironic through before 37.0.1 allows creation or modification of nodes cross-project without authorization.
CVE-2026-14615 1 Redhat 1 Build Keycloak 2026-07-06 4.3 Medium
A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a delegated administrator to view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes.
CVE-2026-55628 1 Imagemagick 1 Imagemagick 2026-07-02 5.5 Medium
In versions prior to 7.1.2-26he, the `-concatenate` operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26.
CVE-2026-54475 1 Apache 3 Activemq, Activemq All, Activemq Broker 2026-07-01 7.5 High
Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing a different connection to consume from another connection's temporary destination. This issue affects Apache ActiveMQ Broker: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ All: before 5.19.8, from 6.0.0 before 6.2.7; Apache ActiveMQ: before 5.19.8, from 6.0.0 before 6.2.7. Users are recommended to upgrade to version 6.2.7, which fixes the issue.
CVE-2025-4404 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 9.1 Critical
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
CVE-2026-52908 1 Linux 1 Linux Kernel 2026-06-28 7.8 High
In the Linux kernel, the following vulnerability has been resolved: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible If IB_MR_REREG_ACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr struct add a ib_umem_check_rereg() function that each driver has to call before processing IB_MR_REREG_ACCESS. mlx4 has to retain its duplicate ib_access_writable check because it implements IB_MR_REREG_ACCESS | IB_MR_REREG_TRANS by changing both items in place sequentially while the MR is live, so it will continue to not support this combination.
CVE-2026-9088 1 Redhat 2 Build Keycloak, Build Of Keycloak 2026-06-26 2.7 Low
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.
CVE-2026-54517 1 Fasterxml 1 Jackson-databind 2026-06-24 5.3 Medium
jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, in BeanDeserializer._deserializeUsingPropertyBased, the active-view (@JsonView) filter was applied only to creator properties; the regular property-buffering branch performed no prop.visibleInView(activeView) check. A change making SetterlessProperty.isMerging() return true routed setterless Collection/Map properties through this unguarded path, so a setterless collection annotated with a restricted @JsonView is populated from attacker JSON even when the active view excludes it. This vulnerability is fixed in 2.21.4 and 3.1.4.
CVE-2026-12771 1 Litellm 1 Litellm 2026-06-22 5 Medium
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
CVE-2025-31201 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2026-06-18 9.8 Critical
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
CVE-2026-45831 2 Chroma, Trychroma 2 Chromadb, Chromadb 2026-06-16 8.8 High
The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions.
CVE-2024-43604 1 Microsoft 1 Outlook 2026-06-09 5.7 Medium
Outlook for Android Elevation of Privilege Vulnerability
CVE-2026-11257 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-08 4.3 Medium
Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-2651 2 Lfprojects, Mlflow 2 Mlflow, Mlflow/mlflow 2026-06-04 9.0 Critical
A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.