Lucene search
+L

37 matches found

osv
osv
added 2026/05/06 11:26 p.m.19 views

CLSA-2026-1778109988 toolbox: Fix of 9 CVEs

Rebuild with golang = 1.22.5 to fix CVE-2022-1705, CVE-2022-41717, CVE-2023-29406, CVE-2023-39318, CVE-2023-39319, CVE-2023-39326, CVE-2023-45290, CVE-2024-24785, CVE-2024-24791...

7.5CVSS7.1AI score0.05623EPSS
Exploits1References1
snyk
snyk
added 2026/03/12 12:31 a.m.5 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the the Vault Kubernetes Authentication Provider. An attacker can access sensitive files by specifying tokenpath configuration parameter to any file on the Consul server node that later returned as jwt data and sent t...

7.6CVSS5.9AI score0.00475EPSS
Exploits0References2
debiancve
debiancve
added 2026/03/11 11:8 p.m.4 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS8.1AI score0.00475EPSS
Exploits0
attackerkb
attackerkb
added 2026/03/11 11:8 p.m.4 views

CVE-2026-2808

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS5.8AI score0.00475EPSS
Exploits0References2
osv
osv
added 2026/03/11 11:8 p.m.2 views

CVE-2026-2808 Consul vulnerable to arbitrary file reads through the vault kubernetes authentication provider

HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 and 1.22.4 are vulnerable to arbitrary file read when configured with Kubernetes authentication. This vulnerability, CVE-2026-2808, is fixed in Consul 1.18.21, 1.21.11 and 1.22.5...

6.8CVSS6.9AI score0.00475EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/03/11 12:0 a.m.11 views

PT-2026-24892

Name of the Vulnerable Software and Affected Versions HashiCorp Consul versions 1.18.20 through 1.21.10 HashiCorp Consul version 1.22.4 HashiCorp Consul Enterprise versions 1.18.20 through 1.21.10 HashiCorp Consul Enterprise version 1.22.4 Description HashiCorp Consul and Consul Enterprise are...

9.9CVSS7.2AI score0.02359EPSS
Exploits28References148
redhatcve
redhatcve
added 2026/02/12 1:4 a.m.31 views

CVE-2026-21348

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

5.5CVSS5.4AI score0.00151EPSS
Exploits0References1
osv
osv
added 2026/02/10 8:16 p.m.7 views

CVE-2026-21348

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

5.5CVSS5.7AI score0.00151EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/10 7:33 p.m.4 views

CVE-2026-21348

Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that ...

5.5CVSS5.4AI score0.00151EPSS
Exploits0References2
cve
cve
added 2026/02/10 7:33 p.m.30 views

CVE-2026-21348

CVE-2026-21348 affects Substance3D Modeler

5.5CVSS5.4AI score0.00151EPSS
Exploits0References1Affected Software1
cve
cve
added 2026/01/13 8:20 p.m.17 views

CVE-2026-21303

Substance3D Modeler v1.22.4 and earlier are affected by an Out-of-bounds Read (CWE-125) that could disclose memory contents. Exploitation requires a user to open a malicious file, potentially leading to memory disclosure. Adobe APSB26-08 notes a fixed update to 1.22.5; apply the security update t...

5.5CVSS5.6AI score0.00209EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/01/03 11:37 a.m.6 views

BIT-GITEA-2025-68940

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

5.3CVSS6.8AI score0.00251EPSS
Exploits0References4
snyk
snyk
added 2025/12/26 3:30 a.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/api/v1/repo to version 1.22.5 or...

5.3CVSS6.9AI score0.00251EPSS
Exploits0References2
snyk
snyk
added 2025/12/26 3:30 a.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/api/v1/repo to version 1.22.5...

5.3CVSS6.9AI score0.00251EPSS
Exploits0References2
snyk
snyk
added 2025/12/26 3:30 a.m.1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/web/repo to version 1.22.5 or highe...

5.3CVSS6.6AI score0.00251EPSS
Exploits0References2
snyk
snyk
added 2025/12/26 3:30 a.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/services/repository to version 1.22.5...

5.3CVSS6.9AI score0.00251EPSS
Exploits0References2
github
github
added 2025/12/26 3:30 a.m.10 views

Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

5.3CVSS6.9AI score0.00251EPSS
Exploits0References5Affected Software1
osv
osv
added 2025/12/26 3:30 a.m.8 views

GHSA-RRCW-5RJV-VJ26 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

3.1CVSS6.7AI score0.00251EPSS
Exploits0References5
euvd
euvd
added 2025/12/26 2:14 a.m.5 views

EUVD-2025-205410

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

3.1CVSS6.3AI score0.00251EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/26 2:14 a.m.26 views

CVE-2025-68940

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...

3.1CVSS0.00251EPSS
Exploits0References3
Rows per page
Query Builder