
7587 matches found

CVE
added yesterday, 7 views

CVE-2026-10816

CVE-2026-10816 affects NetScaler ADC and NetScaler Gateway. The issue is an Arbitrary File Read that is unauthenticated when access to NSIP, Cluster Management IP or SNIP with management access is enabled. According to the sources, the vulnerability allows read access to files, impacting confiden...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

EUVD
added yesterday, 4 views

EUVD-2026-40310

Arbitrary File Read Unauthenticated in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled...

7.1 CVSS, 5.8 AI score
Exploits: 0, References: 1

Nuclei
added yesterday, 42 views

Cluster Control CMON API - Directory Traversal

Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. id: CVE-2024-41628 info: name: Cluster Control CMON API...

7.5 CVSS, 7.4 AI score, 0.06464 EPSS
Exploits: 1, References: 4

Nuclei
added yesterday, 42 views

KubePi JwtSigKey - Admin Authentication Bypass

KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermor...

9.8 CVSS, 7.2 AI score, 0.69667 EPSS
Exploits: 1, References: 5

OSV
added 2 days ago, 4 views

DEBIAN-CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5 CVSS, 5.7 AI score, 0.00141 EPSS
Exploits: 0, References: 1

NVD
added 2 days ago, 7 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5 CVSS, 0.00141 EPSS
Exploits: 0, References: 2

Cvelist
added 2 days ago, 25 views

CVE-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

0.00141 EPSS
Exploits: 0, References: 1

Debian CVE
added 2 days ago, 3 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5 CVSS, 5.7 AI score, 0.00141 EPSS
Exploits: 0

CVE
added 2 days ago, 14 views

CVE-2026-55955

CVE-2026-55955 describes an improper authentication flaw in Apache Tomcat’s EncryptionInterceptor for Tribes clustering, allowing a replay attack. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9.0.13–9.0.18, 8.5.38–8.5.100, and 7.0.100–7.0.109. Remediation is to upgrade t...

6.5 CVSS, 5.7 AI score, 0.00141 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2 days ago, 5 views

PT-2026-53744

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.13 through 9.0.18 Apache Tomcat versions 8.5.38 through 8.5.100 Apache Tomcat versions 7.0.100 through 7.0.109...

5.8 AI score, 0.00141 EPSS
Exploits: 0, References: 4

RedHat Linux
added 3 days ago, 9 views

Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management for Kubernetes v2.13.9 security update

Red Hat Advanced Cluster Management for Kubernetes 2.13 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.13 images Red Hat Advanced Cluster Management for Kubernetes provides...

10 CVSS, 6.7 AI score, 0.01041 EPSS
Exploits: 6, References: 16

Wolfi
added 5 days ago, 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: policy-controller, wolfictl, fulcio, trivy-operator, ko, atlantis, hcloud, age, cosign, kubernetes-dashboard, kargo, gptscript, guac, docker-cli-buildx, tekton-chains, nfpm, terragrunt, containerd, cloud-provider-aws, step-kms-plugin, kubescape, kaf,...

5.8 AI score
Exploits: 0

NVD
added 5 days ago, 6 views

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

4.3 CVSS, 0.00162 EPSS
Exploits: 0, References: 1

OSV
added 5 days ago, 2 views

DEBIAN-CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8 CVSS, 5.7 AI score, 0.00404 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 5 days ago, 5 views

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

4.3 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 5 days ago, 6 views

CVE-2026-55838

CVE-2026-55838 (RustFS): In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...

4.3 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits: 0, References: 1

Debian CVE
added 5 days ago, 5 views

CVE-2026-53309

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8 CVSS, 5.7 AI score, 0.00404 EPSS
Exploits: 0

Nuclei
added 5 days ago, 99 views

MinIO Cluster Deployment - Information Disclosure

MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive...

7.5 CVSS, 7.5 AI score, 0.83957 EPSS
Exploits: 13, References: 5

RedhatCVE
added 5 days ago, 10 views

CVE-2026-53040

A flaw was found in the Oracle Cluster File System Release 2 (OCFS2) in the Linux kernel. A local attacker with the ability to craft a malicious OCFS2 filesystem could trigger a use-after-free vulnerability. This occurs when the OCFS2_IOC_INFO ioctl is issued with the OCFS2_INFO_FL_NON_COHERENT flag,...

7.1 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 4

CVE
added 5 days ago, 12 views

CVE-2026-13325

The CVE-2026-13325 issue affects KubeVirt’s migration proxy. When spec.configuration.migrations.disableTLS is set to true, the target virt-handler binds a plain TCP listener on all interfaces (0.0.0.0/::) on a random port with no authentication, peer allow-list, or handshake token. This listener ...

8.5 CVSS, 5.8 AI score, 0.00172 EPSS
Exploits: 0, References: 2