Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/19 3:54 a.m.11 views

CVE-2026-55226

When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...

5.4CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50541

Impact When only the Topic or only the User operators are deployed as part of the Entity Operator in the Kafka custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding to both operators. That...

5.4CVSS5.4AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50540

Impact Having the Topic and User operators to watch different namespaces than the one where the Kafka cluster is deployed, is a fully documented feature. When the watchedNamespace field is used within the Topic or User operator as part of the Kafka.spec.entityOperator field, the Cluster Operator...

8CVSS5.4AI score
Exploits0References4
Cvelist
Cvelist
added 2025/09/09 5:1 p.m.9 views

CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability

...

6.7CVSS0.00445EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/09 5:1 p.m.1 views

CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability

...

6.7CVSS6.5AI score0.00445EPSS
Exploits0References1
Circl
Circl
added 2025/09/09 4:22 p.m.4 views

CVE-2025-55226

creationtimestamp| type| source ---|---|--- 2025-09-09 16:22:30+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0277 2025-09-09 17:06:15+00:00| seen| https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review...

6.7CVSS4.7AI score0.00445EPSS
Exploits0References2
Circl
Circl
added 2025/01/09 9:15 p.m.9 views

CVE-2024-55226

creationtimestamp| type| source ---|---|--- 2025-01-09 21:15:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113800468050519291 2025-01-09 21:16:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdlzqb5m72m 2025-01-09 22:47:58+00:00| seen|...

5.4CVSS4.8AI score0.00366EPSS
Exploits1References3
OSV
OSV
added 2025/01/09 9:15 p.m.6 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...

5.4CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2025/01/09 9:15 p.m.14 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...

5.4CVSS0.00366EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/01/09 12:0 a.m.11 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...

0.00366EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/01/09 12:0 a.m.9 views

CVE-2024-55226

Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...

6.2AI score0.00366EPSS
Exploits1References3
CVE
CVE
added 2025/01/09 12:0 a.m.85 views

CVE-2024-55226

Vaultwarden v1.32.5 is affected by an authenticated reflected XSS via the /api/core/mod.rs component. The CVE-2024-55226 entry has a CVSS v3.1 base score of 5.4 (Network, Low attack complexity, Privileges Required: Low, User Interaction: Required; Confidentiality/Integrity Low, Availability None)...

5.4CVSS6.2AI score0.00366EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder