Lucene search
K

226 matches found

EUVD
EUVD
added last week5 views

EUVD-2026-42024

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.6 views

github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API

A flaw was found in Prometheus, an open-source monitoring system. The clientsecret field within the Azure Active Directory AD remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access t...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/11 2:38 p.m.19 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.11.0 General Availability

The multicluster engine for Kubernetes 2.11 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.11 images The multicluster engine for Kubernetes provides the foundational components that a...

10CVSS7.6AI score0.00808EPSS
Exploits7References10
Cvelist
Cvelist
added 2026/05/20 8:7 p.m.31 views

CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

8.4CVSS0.00441EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/07 8:3 a.m.9 views

Prometheus Azure AD remote write OAuth client secret exposed via config API

...

7.5CVSS5.8AI score0.00326EPSS
Exploits0
NVD
NVD
added 2026/04/28 11:16 a.m.6 views

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

7.5CVSS0.00405EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/28 10:24 a.m.3 views

CVE-2026-3323 VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

7.5CVSS5.3AI score0.00405EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/28 10:24 a.m.32 views

CVE-2026-3323 VEGA: Privilege escalation through unsecured configuration interface in VEGAPULS devices

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

7.5CVSS0.00405EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 10:24 a.m.10 views

CVE-2026-3323

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

7.5CVSS5.3AI score0.00405EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35708

An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...

7.5CVSS5.3AI score0.00405EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/15 8:22 p.m.4 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the configuration API when type protection is missing for sensitive fields. An attacker can obtain confidential credentials by sending requests directly to the API...

9.3CVSS5.4AI score0.00406EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:12 a.m.8 views

Emissary has a Path Traversal via Blacklist Bypass in Configuration API

Summary The configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants, double-encoding, or Unicode normalization to achieve path traversal and...

5.3CVSS6AI score0.0032EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 3:57 p.m.2 views

CVE-2026-35583 Emissary has a Path Traversal via Blacklist Bypass in Configuration API

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, the configuration API endpoint /api/configuration/name validated configuration names using a blacklist approach that checked for , /, .., and trailing .. This could potentially be bypassed using URL-encoded variants,...

5.3CVSS5.9AI score0.0032EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 3:57 p.m.10 views

CVE-2026-35583

Emissary (configuration API) vulnerability: A path traversal could be achieved in /api/configuration/{name} due to a blacklist-based validation that blocked , /, .., and trailing ... The check can be bypassed via URL-encoded variants, double-encoding, or Unicode normalization, allowing access to ...

5.3CVSS5.9AI score0.0032EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.5 views

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.5 views

CVE-2025-33216

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

6.8CVSS6AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 12:0 a.m.3 views

CVE-2024-51347

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...

6AI score0.00325EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/24 9:31 p.m.4 views

EUVD-2025-208966

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

6.8CVSS6AI score0.00251EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 8:21 p.m.9 views

CVE-2025-33216

NVIDIA SNAP-4 Container vulnerability CVE-2025-33216 resides in the configuration interface, where crafted configurations can cause an incorrect buffer size calculation, potentially crashing the SNAP service and denying storage access to the host. Affected products: SNAP-4 Container (BlueField-3 ...

6.8CVSS6AI score0.00251EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 8:21 p.m.3 views

CVE-2025-33216

NVIDIA SNAP-4 Container contains a vulnerability in the configuration interface where an attacker on a VM may cause an incorrect calculation of buffer size by sending crafted configurations. A successful exploit of this vulnerability may lead to crash of the SNAP service, causing denial of servic...

6.8CVSS6AI score0.00251EPSS
Exploits0References3
Rows per page
Query Builder