
612 matches found

EUVD
added 2026/06/17 8:04 p.m., 9 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format...

CVSS 8.6, AI score 5.6, EPSS 0.00492
Exploits: 0, References: 1
CVE
added 2026/06/17 8:04 p.m., 77 views

CVE-2026-50107

CVE-2026-50107: Affects NGINX Plus or NGINX Open Source used as the data plane for NGINX Gateway Fabric. The vulnerability lies in the configuration generator component: user-supplied values from the NginxProxy CRD access log format setting are rendered directly into NGINX configuration template...

CVSS 8.6, AI score 5.7, EPSS 0.00492
Exploits: 0, References: 1, Affected Software: 1
F5 Networks
added 2026/06/17 7:46 p.m., 14 views

K000161785: NGINX Gateway Fabric vulnerability CVE-2026-50107

Security Advisory Description: When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource...

CVSS 8.6, AI score 5.5, EPSS 0.00492
Exploits: 0, Affected Software: 1
F5 Networks
added 2026/06/17 7:45 p.m., 11 views

K000161786: NGINX Gateway Fabric vulnerability CVE-2026-32682

Security Advisory Description: When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containin...

CVSS 7.1, AI score 5.3, EPSS 0.00292
Exploits: 0, Affected Software: 1
NVD
added 2026/06/17 3:16 p.m., 11 views

CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6, EPSS 0.00567
Exploits: 0, References: 1
Cvelist
added 2026/06/17 2:04 p.m., 22 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6, EPSS 0.00567
Exploits: 0, References: 1
F5 Networks
added 2026/06/17 1:43 p.m., 11 views

K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311

Security Advisory Description: When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...

CVSS 8.6, AI score 5.5, EPSS 0.00567
Exploits: 0, Affected Software: 1
Positive Technologies
added 2026/06/17 12:00 a.m., 19 views

PT-2026-50533

Name of the Vulnerable Software and Affected Versions: NGINX Gateway Fabric (affected versions not specified). Description: When configured using GRPCRoutes, an authenticated remote attacker with permissions to create or modify GRPCRoute resources can cause the control plane to terminate. This occurs ...

CVSS 7.1, AI score 5.9, EPSS 0.00292
Exploits: 0, References: 5
NVD
added 2026/06/12 7:16 p.m., 17 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

CVSS 9.8, EPSS 0.0033
Exploits: 0, References: 2
EUVD
added 2026/06/12 6:03 p.m., 11 views

EUVD-2026-36525

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

CVSS 9.8, AI score 5.4, EPSS 0.0033
Exploits: 0, References: 2
Vulnrichment
added 2026/06/12 6:03 p.m., 10 views

CVE-2026-28742 Naxclow IoT Platform Use of hard-coded cryptographic key

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

CVSS 9.8, AI score 5.5, EPSS 0.0033
Exploits: 0, References: 2
CVE
added 2026/06/12 6:03 p.m., 22 views

CVE-2026-28742

CVE-2026-28742 relates to Naxclow IoT Platform devices using a uniform, hard-coded platform-wide salt for request signing embedded in firmware. The lack of per‑device keys, server-side nonce tracking, or replay protections allows recovered salts to enable valid signatures for arbitrary device or ...

CVSS 9.8, AI score 5.4, EPSS 0.0033
Exploits: 0, References: 2
Positive Technologies
added 2026/06/12 12:00 a.m., 28 views

PT-2026-48951

Name of the Vulnerable Software and Affected Versions: Naxclow Smart Doorbell X3 (affected versions not specified); Naxclow devices (affected versions not specified). Description: Naxclow devices utilize a uniform request-signing scheme that relies on a hard-coded, platform-wide salt embedded in every...

CVSS 9.8, AI score 5.4, EPSS 0.0033
Exploits: 0, References: 4
SUSE CVE
added 2026/06/06 2:46 a.m., 7 views

SUSE CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

CVSS 7.4, AI score 5.4, EPSS 0.0016
Exploits: 0, References: 3
RedhatCVE
added 2026/06/06 12:43 a.m., 11 views

CVE-2025-8873

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

CVSS 8.7, AI score 5.5, EPSS 0.00386
Exploits: 0, References: 1
RedhatCVE
added 2026/06/05 7:16 p.m., 9 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

CVSS 8.1, AI score 5.4, EPSS 0.00424
Exploits: 2, References: 1
EUVD
added 2026/06/05 12:31 a.m., 11 views

EUVD-2025-210068

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

CVSS 8.7, AI score 5.8, EPSS 0.00386
Exploits: 0, References: 2
Positive Technologies
added 2026/06/05 12:00 a.m., 18 views

PT-2026-47086

Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 2026.05.1. Description: A low-privilege MCP token holder with knowledge of an attachment path can read any file in shared storage, including attachments from other bases and workspaces. This occurs because the MCP...

CVSS 2.3, AI score 5.9, EPSS 0.00209
Exploits: 0, References: 10
NVD
added 2026/06/04 11:16 p.m., 9 views

CVE-2025-8873

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

CVSS 8.7, EPSS 0.00386
Exploits: 0, References: 1
CVE
added 2026/06/04 11:04 p.m., 10 views

CVE-2025-8873

CVE-2025-8873 affects Arista EOS with IPsec enabled: a specially crafted packet can stop dataplane processing of all IPsec traffic, with control plane detecting and resetting the IPsec pipeline; after reset, IPsec traffic may not resume. Non-IPsec traffic is unaffected. Affected EOS releases incl...

CVSS 8.7, AI score 5.8, EPSS 0.00386
Exploits: 0, References: 1