Lucene search
K

68 matches found

CVE
CVE
added yesterday10 views

CVE-2026-44795

CVE-2026-44795 affects Spinnaker (Cloud deployments/baking paths) where unsafe YAML processing bypasses safe deserialization via a non-safe constructor, enabling arbitrary Java class loading and remote code execution. Affected versions precede fixed releases and include 2026.1.0, 2026.0.3, 2025.4...

8.8CVSS6.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/22 8:43 p.m.5 views

Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types

Impact There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: CloudFormation deployments CloudFoundry Baking The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE. Patches 2025.3.3,...

8.8CVSS6AI score
Exploits0References2Affected Software2
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51444

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...

8.8CVSS6.6AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.5AI score0.00479EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 5:16 p.m.16 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS0.00479EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 3:53 p.m.43 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS0.00479EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 3:53 p.m.11 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 3:53 p.m.11 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 3:53 p.m.17 views

CVE-2026-47358

CVE-2026-47358 affects Terrascan v1.18.3 and earlier. In server mode, Terrascan parses uploaded ARM/CloudFormation templates and resolves external URLs via hashicorp/go-getter with default detectors (including FileDetector), enabling an unauthenticated attacker to upload templates containing atta...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-41954

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...

9.2CVSS5.9AI score0.00479EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/24 3:59 p.m.8 views

aws-encryption-sdk-cli (>=2.1.0 <=3.1.0), cloudformation-cli-python-lib (>=2.1.9 <=2.1.16) +4 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=2.0.0 <=3.3.0)

aws-encryption-sdk PYPI version =2.0.0, =2.1.0, =2.1.9, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: OSV:GHSA-V638-38FC-RHFV...

5.7CVSS5.4AI score0.00096EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/20 8:12 p.m.6 views

cloudformation-cli-python-lib (>=2.1.12 <=2.1.16), core-aws (>=1.0.0 <=1.0.4) +3 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=3.1.0 <=3.3.0)

aws-encryption-sdk PYPI version =3.1.0, =2.1.12, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...

5.7CVSS5.4AI score0.00096EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/08 9:46 p.m.4 views

aware (>=0.0.12 <=0.0.30), aws-manager (>=0.0.1 <=0.21.2) +3 more potentially affected by unknown CVE via aws-sdk-cloudformation (>=0.10.1 <=0.9.0)

aws-sdk-cloudformation CARGO version =0.10.1, =0.0.12, =0.0.1, =0.0.0, =0.2.0, =0.5.0 - nitor-vault =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-18383

Malware in sbrugna...

7.8CVSS7.6AI score0.00376EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-6238

Malware in sbrugna...

4CVSS6.1AI score0.0103EPSS
Exploits2References8
Zero Day Initiative
Zero Day Initiative
added 2025/04/07 12:0 a.m.10 views

Amazon AWS CloudFormation Templates Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon AWS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of AWS Simple Storage Service. When installed from the official GitHub...

9.8CVSS7.8AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/10/24 1:0 p.m.21 views

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services AWS Cloud Development Kit CDK that could have resulted in an account takeover under specific circumstances. "The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access...

7.1AI score
Exploits0
Amazon
Amazon
added 2024/10/16 12:0 a.m.8 views

Medium: aws-cfn-bootstrap

Issue Overview: Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...

5.6CVSS6.9AI score0.0034EPSS
Exploits0
Rows per page
Query Builder