14952 matches found
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: terraform-provider-azapi-fips, dex, kubeflow-katib, blob-csi-fips, external-dns, net-kourier, atlas-fips, step-issuer, crossplane-provider-aws-kinesis-fips, kubevirt-cdi-uploadserver-fips, kots, crossplane-function-go-templating-fips, google-cloud-otel-ops-collector,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: dex, kind, dive, external-dns, net-kourier, mailpit-fips, atlas-fips, kubevirt-cdi-uploadserver-fips, kbld, kots, amazon-ecs-cni-plugins, jaeger, atlantis, helm-fips, kpt, weaviate, step-ca-fips, helm, nerdctl-fips, image-factory, chartmuseum-fips, rook, cloudbeat,...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: terraform-provider-azapi-fips, dex, mongo-tools, blob-csi-fips, kind, dive, aws-otel-collector-fips, clickhouse-operator, external-dns, mailpit-fips, atlas-fips, net-kourier, crossplane-provider-aws-kinesis-fips, step-issuer, kubevirt-cdi-uploadserver-fips, kbld, kot...
GHSA-5W89-2C2X-6X66 vulnerabilities
Vulnerabilities for packages: terraform-provider-azapi-fips, dex, kind, kots, kubernetes-release, google-cloud-otel-ops-collector, amazon-ecs-cni-plugins, cadvisor-fips, kpt, kuberay-operator, q, dbmate, nerdctl-fips, image-factory, chartmuseum-fips, flannel-cni-plugin-fips, kube-vip,...
CVE-2026-5059 aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability
aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...
CVE-2026-5059
CVE-2026-5059 is a command-injection remote code execution vulnerability in aws-mcp-server. The flaw occurs in how the server handles the allowed commands list, due to insufficient validation of a user-supplied string before it is used to perform a system call. This allows an unauthenticated attac...
aws-mcp-server Operating System Command Injection Vulnerability
aws-mcp-server is a lightweight service developed by Alexei Ledenev. It enables AI assistants to execute AWS CLI commands through the Model Context Protocol (MCP) in a secure, containerized environment. aws-mcp-server has an operating system command injection vulnerability, which stems from...
Linux Distros Unpatched Vulnerability : CVE-2026-40175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in...
DEBIAN-CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
UBUNTU-CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
UBUNTU-CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
GHSA-WGXF-R68R-7W9H vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-aws, linux-gcp, linux-azure...
GHSA-W53M-3RV6-Q4V9 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-aws, linux-gcp, linux-azure...
GHSA-PW2V-CMFH-X2P3 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-aws, linux-gcp, linux-azure...
CVE-2026-23171 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-aws, linux-gcp, linux-azure...
GHSA-42MQ-7943-CJ3H vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-aws, linux-gcp, linux-azure...
GHSA-5JGQ-PV8M-5CX7 vulnerabilities
Vulnerabilities for packages: linux-qemu, linux-vmware, linux-aws, linux-gcp, linux-azure...