Lucene search
K

10 matches found

EUVD
EUVD
•added 2026/07/03 7:40 a.m.•8 views

EUVD-2026-41516

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS5.9AI score0.00082EPSS
Exploits0References1
Cvelist
Cvelist
•added 2026/07/03 7:40 a.m.•43 views

CVE-2026-8804 Cleartext Storage of Sensitive Information for Puppet Resource API

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS0.00082EPSS
Exploits0References1
NVD
NVD
•added 2026/05/12 8:16 p.m.•28 views

CVE-2026-7474

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

8.8CVSS0.06892EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/05/12 6:59 p.m.•9 views

CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References1
NVD
NVD
•added 2026/05/07 2:16 p.m.•18 views

CVE-2026-41589

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

9.6CVSS0.00393EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
•added 2026/03/20 9:41 a.m.•3 views

CVE-2026-33129

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
•added 2026/03/20 9:41 a.m.•24 views

CVE-2026-33129 h3 has an observable timing discrepancy in basic auth utils

H3 is a minimal HTTP framework. Versions 2.0.1-beta.0 through 2.0.0-rc.8 contain a Timing Side-Channel vulnerability in the requireBasicAuth function due to the use of unsafe string comparison !==. This allows an attacker to deduce the valid password character-by-character by measuring the server...

5.9CVSS0.00319EPSS
Exploits1References3
CVE
CVE
•added 2026/03/20 9:41 a.m.•19 views

CVE-2026-33129

The CVE-2026-33129 issue affects the H3 minimal HTTP framework. A Timing Side-Channel exists in the requireBasicAuth function due to unsafe string comparison (!==), enabling an attacker to deduce the valid password character-by-character by measuring response times and bypass password protections...

5.9CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
•added 2025/12/15 11:0 p.m.•8 views

WordPress CC Child Pages plugin <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'childpages' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CC Child Pages versions = 2.0.0...

6.4CVSS5.6AI score0.00155EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
•added 2025/08/20 12:0 a.m.•6 views

WordPress JobZilla - Job Board WordPress Theme Theme <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software JobZilla - Job Board WordPress Theme Type Theme Vulnerable versions = 2.0 Fixed in 2.0.1 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2025-49382 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 33cb80ce3eab Credi...

8.8CVSS6.6AI score0.00168EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder