| CVE-2026-7573 |
high |
7.7 |
7.7 |
|
|
|
29d ago |
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy … |
| CVE-2026-6863 |
medium |
6.8 |
6.8 |
|
|
|
28d ago |
Velocidex Velociraptor has an Incorrect Authorization issue |
| CVE-2026-7572 |
medium |
5.5 |
5.5 |
|
|
|
29d ago |
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial… |
| CVE-2026-6290 |
unknown |
— |
— |
|
|
|
2mo ago |
Velociraptor vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token |
| CVE-2025-6264 |
unknown |
— |
— |
|
|
|
1y ago |
Velociraptor vulnerable to privilege escalation via UpdateConfig artifact in www.velocidex.com/golang/velociraptor |
| CVE-2023-0290 |
unknown |
— |
— |
|
|
|
3y ago |
Velociraptor subject to Path Traversal in www.velocidex.com/golang/velociraptor |
| CVE-2023-0242 |
unknown |
— |
— |
|
|
|
3y ago |
Velociraptor vulnerable to Missing Authorization in www.velocidex.com/golang/velociraptor |
