Lucene search
+L

227 matches found

Cvelist
Cvelist
added 2026/06/18 8:32 a.m.28 views

CVE-2025-10560 Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials...

9.3CVSS0.00388EPSS
Exploits1References2
CVE
CVE
added 2026/06/18 8:32 a.m.31 views

CVE-2025-10560

The CVE-CWE entry documents a vulnerability in Worksnaps before version 1.6.20260201 where hardcoded cloud credentials and related secret material were embedded in Worksnaps client binaries. The exposed data included AWS access keys and S3 bucket information, and the credentials authenticated as ...

9.3CVSS5.3AI score0.00388EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/16 5:21 p.m.30 views

Important: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.18.24 security, enhancement & bug fix update

Red Hat OpenShift Data Foundation 4.18.24 security, enhancement & bug fix update Red Hat OpenShift Data Foundation 4.18.24 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7107: Backport to 4.18.z CLONE - ODF Console is breaking DFBUGS-7064: RHODF 4.18.24 release DFBUGS-7046:...

9.1CVSS6.6AI score0.01945EPSS
Exploits4References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.13 views

CVE-2026-42088

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Python and Ruby scripts directly from the openc3-COSMOS-script-runner-api container. Because all the...

9.6CVSS5.6AI score0.00341EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.13 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.5AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 6:17 a.m.43 views

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 6:17 a.m.11 views

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

8.7CVSS5.8AI score0.00245EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 9:21 p.m.11 views

GHSA-HJJ4-HFJM-FMRJ Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Impact CVSSv4 Baseline Score: Moderate 6.3 CVSSv4 Weighted Score: Low 2.9 The full CVSSv4 Vector for this vulnerability is:...

6.3CVSS5.9AI score0.00308EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45030

Name of the Vulnerable Software and Affected Versions Authelia versions 4.38.0 through 4.39.19 Description When using the LDAP authentication backend, the authz verification endpoint fails to canonicalize usernames provided via Basic Auth in the Authorization header. Because LDAP treats usernames...

6.3CVSS5.9AI score0.00308EPSS
Exploits0References10
CVE
CVE
added 2026/05/26 9:27 p.m.94 views

CVE-2026-44903

CVE-2026-44903 affects Prometheus servers with the legacy web UI enabled. From 2.49.0 up to before 3.5.3 and 3.11.3, histogram heatmap axis tick labels aren’t escaped when inserting metric label values into HTML, allowing an attacker who can inject crafted metrics to run JavaScript in the browser...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 3:46 p.m.45 views

CVE-2025-13755 IBM® Db2® is vulnerable to credential exposure in db2diag when executing specific testcase buckets

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS0.00108EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: Message: mptlan: Fixed a use-after-free bug in mptlanremove, due to a race condition. In mptlanprobe, mptregisterlandevice is called, which initializes the &priv-postbucketstask workqueue. A call to...

6AI score0.00185EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Bypass of empty buckets in batadvpurgeorigref Many syzbot reports point to soft lockups in batadvpurgeorigref 1 The root cause is unknown, but we can avoid spending too much time on this issue and potentially obtain...

5.5CVSS6.4AI score0.00229EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 5:16 p.m.21 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS0.00235EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/18 5:16 p.m.14 views

CVE-2026-8843

Creating a "2dspherebucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryableencryptedrange" indices. This issue affects MongoDB Server...

7.1CVSS5.8AI score0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/12 7:38 p.m.13 views

CVE-2026-40195

A flaw was found in Incus, a system container and virtual machine manager. An authenticated user with access to the storage bucket feature can exploit a missing validation logic in the storage bucket import process. By providing a malicious or malformed index.yaml file that omits the configuratio...

7.1CVSS5.8AI score0.00398EPSS
Exploits1References2
OSV
OSV
added 2026/05/09 12:32 p.m.12 views

OESA-2026-2236 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References9
OSV
OSV
added 2026/05/09 12:32 p.m.7 views

OESA-2026-2235 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References9
OSV
OSV
added 2026/05/09 12:32 p.m.18 views

OESA-2026-2232 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, a security vulnerability exists in the IOMMU Shared Virtual Addressing SVA feature. On x86 architecture when CONFIGX86 is set, IOMMU hardware caches kernel page table entries. Due to the lack of notification...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References11
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2025-209743

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8CVSS5.8AI score0.00373EPSS
Exploits0References2
Rows per page
Query Builder