Lucene search
K

1382 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 3:30 p.m.6 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the @appium/support package

Summary Due to the use of the @appium/support package, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability CVE-2026-30973, Vulnerability Details CVEID:CVE-2026-30973 DESCRIPTION: Appium is an automation framework that provides WebDriver-based...

6.5CVSS6AI score0.00388EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 9:44 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Release

Summary IBM DevOps Release 7.0.0.7 addresses multiple vulnerabilities. Vulnerability Details CVEID:CVE-2025-68161 DESCRIPTION: The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostNam...

9.1CVSS6.9AI score0.00743EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-23658

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

8.6CVSS5.8AI score0.00781EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2026/03/23 4:58 p.m.6 views

Securing Applications Anywhere: Breaking Down the Wall of Confusion

Application development has changed dramatically. Enterprises now release software faster, operate more digital services, and deploy applications across a mix of public cloud, private cloud, APIs, containers, and on-premises infrastructure. As application delivery has accelerated and architecture...

5.5AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.3 views

SUSE CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

10CVSS5.7AI score0.00296EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/19 9:30 p.m.6 views

EUVD-2026-13174

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

8.6CVSS5.8AI score0.00781EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/19 9:17 p.m.5 views

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

10CVSS6.2AI score0.00296EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 9:16 p.m.10 views

CVE-2026-23658

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS0.00781EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/19 9:6 p.m.22 views

CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability

...

8.6CVSS0.00781EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 9:6 p.m.3 views

CVE-2026-23658 Azure DevOps: msazure Elevation of Privilege Vulnerability

...

8.6CVSS5.8AI score0.00781EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 9:6 p.m.3 views

CVE-2026-23658

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

8.6CVSS5.8AI score0.00781EPSS
Exploits0References2
CVE
CVE
added 2026/03/19 9:6 p.m.11 views

CVE-2026-23658

CVE-2026-23658 affects Microsoft Azure DevOps: msazure, with root cause described as insufficiently protected credentials enabling an unauthorized network-based privilege escalation. The description and multiple connected sources confirm impact to Azure DevOps components and privilege elevation, ...

9.8CVSS5.8AI score0.00781EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/19 8:37 p.m.18 views

CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

10CVSS0.00296EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 8:37 p.m.6 views

CVE-2026-30836 Step CA: Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

10CVSS5.7AI score0.00296EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/19 8:37 p.m.3 views

CVE-2026-30836

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Versions 0.30.0-rc6 and below do not safeguard against unauthenticated certificate issuance through the SCEP UpdateReq. This issue has been fixed in version 0.30.0...

10CVSS5.7AI score0.00296EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/03/19 2:0 p.m.13 views

Azure DevOps: msazure Elevation of Privilege Vulnerability

Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...

9.8CVSS5.8AI score0.00781EPSS
Exploits0
Kaspersky
Kaspersky
added 2026/03/19 12:0 a.m.8 views

KLA90946 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Azure Cloud Shell can be exploited remotely to gai...

10CVSS5.8AI score0.00803EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.2 views

PT-2026-26350

Azure DevOps: msazure Elevation of Privilege Vulnerability CVE: CVE-2026-23658 PT-Identifier: PT-2026-26350 Vendor: Microsoft Product: Azure DevOps: msazure CVSS: 8.6 Credits: n/a Description: Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileg...

8.6CVSS5.8AI score0.00781EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 8:36 a.m.4 views

Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)

Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specif...

8.2CVSS5.8AI score0.00612EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/10 5:13 a.m.5 views

Security Bulletin: A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase [CVE-2024-38808]

Summary A security vulnerability in spring-expression-5.3.31.jar affects IBM DevOps Code ClearCase CVE-2024-38808 Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially...

4.3CVSS5.8AI score0.00536EPSS
Exploits0Affected Software1
Rows per page
Query Builder