Lucene search
+L

205 matches found

snyk
snyk
added 2026/03/12 4:23 p.m.7 views

Malicious Package

Overview babel-compile-templates is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.8 views

Malicious Package

Overview jsx-dev-runtime is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.2 views

Malicious Package

Overview reuse-plugin is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The package...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.4 views

Malicious Package

Overview dazaar-payment is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The packa...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.5 views

Malicious Package

Overview transform-es2015-shorthand-properties is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it...

9.8CVSS5.9AI score
Exploits0References3
snyk
snyk
added 2026/03/12 4:23 p.m.9 views

Malicious Package

Overview require-in-package is a malicious package. This package was recognized as part of the 'PhantomRaven' supply chain campaign, which involves credential-stealing malware. The package impersonates well-known ecosystem plugins to deceive developers into installing it. Malicious Behavior The...

9.8CVSS5.9AI score
Exploits0References3
osv
osv
added 2026/03/10 6:28 p.m.6 views

GO-2026-4595 Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd

Non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints in github.com/canonical/lxd...

5.3CVSS5.8AI score0.00141EPSS
Exploits1References3
nessus
nessus
added 2026/03/06 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all...

5.3CVSS5.8AI score0.00141EPSS
Exploits1References2
euvd
euvd
added 2026/03/04 8:18 p.m.4 views

EUVD-2026-9286

lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints...

5.3CVSS5.9AI score0.00141EPSS
Exploits1References4
github
github
added 2026/03/04 8:18 p.m.8 views

lxd's non-recursive certificate listing bypasses per-object authorization and leaks all fingerprints

Summary The GET /1.0/certificates endpoint non-recursive mode returns URLs containing fingerprints for all certificates in the trust store, bypassing the per-object canview authorization check that is correctly applied in the recursive path. Any authenticated identity — including restricted,...

5.3CVSS5.8AI score0.00141EPSS
Exploits1References5Affected Software1
redhatcve
redhatcve
added 2026/03/04 1:44 p.m.4 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS5.9AI score0.00141EPSS
Exploits1References1
susecve
susecve
added 2026/03/04 12:29 a.m.6 views

SUSE CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS5.8AI score0.00141EPSS
Exploits1References4
snyk
snyk
added 2026/03/03 3:44 p.m.2 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the GET /1.0/certificates API endpoint. An attacker can enumerate all certificate fingerprints trusted by the server by sending crafted requests as an authenticated, restricted user. Remediation Upgrade...

5.3CVSS6AI score0.00141EPSS
Exploits1References2
nvd
nvd
added 2026/03/03 1:16 p.m.6 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS0.00141EPSS
Exploits1References3
ubuntucve
ubuntucve
added 2026/03/03 1:16 p.m.3 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS7.2AI score0.00141EPSS
Exploits1References4
osv
osv
added 2026/03/03 1:16 p.m.6 views

UBUNTU-CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS5.8AI score0.00141EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/03/03 12:49 p.m.4 views

CVE-2026-3351

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS5.9AI score0.00141EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/03/03 12:49 p.m.20 views

CVE-2026-3351

CVE-2026-3351 : In Canonical LXD 6.6 on Linux, an improper authorization flaw in the API endpoint GET /1.0/certificates lets an authenticated, restricted user enumerate all certificate fingerprints trusted by the LXD server. The CVSS score is 5.3 (Medium); attack vector is network, with low attac...

5.3CVSS5.9AI score0.00141EPSS
Exploits1References3Affected Software1
vulnrichment
vulnrichment
added 2026/03/03 12:49 p.m.4 views

CVE-2026-3351 Authorization Bypass in LXD GET /1.0/certificates Endpoint

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS5.9AI score0.00141EPSS
Exploits1References3
cvelist
cvelist
added 2026/03/03 12:49 p.m.25 views

CVE-2026-3351 Authorization Bypass in LXD GET /1.0/certificates Endpoint

Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd server...

5.3CVSS0.00141EPSS
Exploits1References3
Rows per page
Query Builder