Lucene search
K

5 matches found

OSV
OSV
added 2026/03/25 8:16 p.m.5 views

UBUNTU-CVE-2026-33246

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a Nats-Request-Info: message header, providing information about a request. This is supposed to provide enough information to allow for account/user identification, such that NAT...

6.4CVSS5.8AI score0.00143EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 9:50 p.m.2 views

GHSA-55H8-8G96-X4HJ NATS: Leafnode connections allow spoofing of Nats-Request-Info identity headers

Background NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The nats-server allows hub/spoke topologies using "leafnode" connections by other nats-servers. NATS messages can have headers. Problem...

6.4CVSS5.8AI score0.00143EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/21 10:25 p.m.2 views

CVE-2026-23990 Flux Operator Web UI Impersonation Bypass via Empty OIDC Claims

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/20 8:55 p.m.11 views

Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment

Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...

9.8CVSS5.8AI score0.00226EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2018/03/28 5:29 p.m.1 views

CVE-2018-5451

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers...

9.8CVSS6AI score
Exploits0References2
Rows per page
Query Builder