Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-37981 | 1 Redhat | 1 Build Of Keycloak | 2026-06-03 | N/A | 4.3 MEDIUM |
| A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) resource, to enumerate and harvest personally identifiable information (PII) for all realm users. By sending crafted requests with arbitrary usernames or email values, the endpoint returns full profile objects for unrelated users. This leads to broad profile-level information disclosure. | |||||
| CVE-2021-46747 | 2026-06-02 | N/A | N/A | ||
| Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leading to a potential escalation of privileges. | |||||
| CVE-2026-40365 | 1 Microsoft | 1 Sharepoint Server | 2026-06-01 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-35436 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-06-01 | N/A | 8.8 HIGH |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-21962 | 2026-05-15 | N/A | N/A | ||
| Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. | |||||
| CVE-2026-6356 | 1 Augmentt | 1 Augmentt | 2026-05-12 | N/A | 9.6 CRITICAL |
| A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information. | |||||
| CVE-2026-40690 | 1 Apache | 1 Airflow | 2026-04-27 | N/A | 4.3 MEDIUM |
| The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are recommended to upgrade to version 3.2.1, which fixes this issue. | |||||
| CVE-2026-38743 | 1 Apache | 1 Airflow | 2026-04-27 | N/A | 4.3 MEDIUM |
| The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user. Users are recommended to upgrade to version 3.2.1 , which fixes this issue. | |||||
| CVE-2026-33825 | 1 Microsoft | 1 Defender Antimalware Platform | 2026-04-23 | N/A | 7.8 HIGH |
| Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-6388 | 2026-04-17 | N/A | 9.1 CRITICAL | ||
| A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates on applications managed by other tenants. This leads to cross-namespace privilege escalation, impacting application integrity through unauthorized application updates. | |||||
| CVE-2024-21971 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver, resulting in an operating system crash, potentially leading to denial of service. | |||||
| CVE-2024-21947 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level. | |||||
| CVE-2025-20111 | 2026-04-15 | N/A | 7.4 HIGH | ||
| A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload. | |||||
| CVE-2025-48517 | 2026-04-15 | N/A | N/A | ||
| Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality. | |||||
| CVE-2024-39279 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2024-52799 | 2026-04-15 | N/A | 8.2 HIGH | ||
| Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. If a user can be made to run a malicious template, their whole namespace can be compromised. This affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, which no longer need these permissions for the only available Executor, Emissary. It could also affect users below 3.4 depending on their choice of Executor in those versions. This only affects the Helm Chart and not the upstream manifests. This vulnerability is fixed in 0.44.0. | |||||
| CVE-2025-22839 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2024-6696 | 2026-04-15 | N/A | 4.9 MEDIUM | ||
| The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. (CWE-1220) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not correctly perform an authorization check in the user console trash content An attacker exploits a weakness in the configuration of access controls and is able to bypass the intended protection that these measures guard against and thereby obtain unauthorized access to the system or network. | |||||
| CVE-2023-31343 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | |||||
| CVE-2026-20107 | 2026-04-15 | N/A | 5.5 MEDIUM | ||
| A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||