
677 matches found

OSV
added 2026/02/26 2:16 a.m. | 3 views

CVE-2026-22728

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

CVSS 4.9 | AI score 5.9 | EPSS 0.00352
Exploits: 0 | References: 1
Cvelist
added 2026/02/26 12:50 a.m. | 24 views

CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

CVSS 4.9 | EPSS 0.00352
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/26 12:0 a.m. | 5 views

PT-2026-22072

Name of the Vulnerable Software and Affected Versions Bitnami Sealed Secrets affected versions not specified Description Bitnami Sealed Secrets is susceptible to a scope-widening attack during the secret rotation process via the /v1/rotate API endpoint. The rotation handler uses untrusted data fr...

CVSS 9.9 | AI score 6.9 | EPSS 0.22162
Exploits: 68 | References: 140
CakePHP
added 2026/02/24 12:0 a.m. | 21 views

CakePHP 5.3.2 Released

CakePHP 5.3.2 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 5.3.2. This is a maintenance release for the 5.3 branch that fixes community reported issues, regressions and a security issue with PaginatorHelper. Bugfixes You can expect the following change...

AI score 5.6
Exploits: 0
OSV
added 2026/02/20 8:41 a.m. | 4 views

BIT-GRAFANA-2026-21722 Public Dashboards time range restriction on annotations can be bypassed

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 3
NVD
added 2026/02/18 3:18 p.m. | 4 views

CVE-2026-23212

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx... can be read and written locklessly. Add READ_ONCE and WRITE_ONCE annotations. syzbot reported: BUG: KCSAN: data-race in bond_rcv_validate /...

CVSS 4.7 | EPSS 0.00086
Exploits: 0 | References: 5
NVD
added 2026/02/14 3:16 p.m. | 8 views

CVE-2026-23121

In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can be read locklessly in mISDN_read and mISDN_poll. Add READ_ONCE/WRITE_ONCE annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by...

CVSS 5.5 | EPSS 0.00119
Exploits: 0 | References: 7
OSV
added 2026/02/14 3:16 p.m. | 4 views

UBUNTU-CVE-2026-23121

In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can be read locklessly in mISDN_read and mISDN_poll. Add READ_ONCE/WRITE_ONCE annotations. BUG: KCSAN: data-race in mISDN_ioctl / mISDN_read write to 0xffff88812d848280 of 4 bytes by...

CVSS 5.5 | AI score 5.9 | EPSS 0.00119
Exploits: 0 | References: 32
SUSE CVE
added 2026/02/13 12:26 a.m. | 6 views

SUSE CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 7
OSV
added 2026/02/12 9:16 a.m. | 6 views

CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.6 | EPSS 0.00327
Exploits: 0 | References: 1
OSV
added 2026/02/12 9:16 a.m. | 2 views

UBUNTU-CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.9 | EPSS 0.00327
Exploits: 0 | References: 3
UbuntuCve
added 2026/02/12 9:16 a.m. | 6 views

CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 6.6 | EPSS 0.00327
Exploits: 0 | References: 2
Vulnrichment
added 2026/02/12 8:49 a.m. | 6 views

CVE-2026-21722 Public Dashboards time range restriction on annotations can be bypassed

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 1
CVE
added 2026/02/12 8:49 a.m. | 460 views

CVE-2026-21722

Grafana CVE-2026-21722 affects the public dashboards annotations feature. The vulnerability allows a user to read the entire annotation history visible on a dashboard when timerange locking is disabled, exposing history outside the locked timerange. Root cause is that annotation timeranges were n...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 1 | Affected Software: 1
AlpineLinux
added 2026/02/12 8:49 a.m. | 6 views

CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.4 | EPSS 0.00327
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/12 8:49 a.m. | 9 views

CVE-2026-21722

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.5 | EPSS 0.00327
Exploits: 0 | References: 3 | Affected Software: 2
Cvelist
added 2026/02/12 8:49 a.m. | 27 views

CVE-2026-21722 Public Dashboards time range restriction on annotations can be bypassed

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | EPSS 0.00327
Exploits: 0 | References: 1
Grafana
added 2026/02/12 12:0 a.m. | 11 views

Public Dashboards time range restriction on annotations can be bypassed

Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any...

CVSS 5.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0
FreeBSD
added 2026/02/12 12:0 a.m. | 9 views

Grafana -- Public Dashboards time range restriction on annotations can be bypassed

https://grafana.com/security/security-advisories/cve-2026-21722 reports: Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific...

CVSS 5.3 | AI score 7.2 | EPSS 0.00327
Exploits: 0 | References: 1
Packet Storm News
added 2026/02/10 12:0 a.m. | 13 views

SecCodePRM: A Process Reward Model for Code Security

Large Language Models are rapidly becoming core components of modern software development workflows, yet ensuring code security remains challenging. Existing vulnerability detection pipelines either rely on static analyzers or use LLM/GNN-based detectors trained with coarse program-level...

AI score 5.7
Exploits: 0