Lucene search
K

32 matches found

Vulnrichment
Vulnrichment
added 2025/11/13 7:42 p.m.5 views

CVE-2025-64709 Typebot May Expose AWS EKS Credentials via Server Side Request Forgery in Webhook Block

Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery SSRF vulnerability in the Typebot webhook block HTTP Request component functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...

9.6CVSS6.4AI score0.00336EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2025/09/24 7:15 a.m.8 views

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services AWS Instance Metadata Service IMDS. The vulnerability in question is CVE-2025-51591 CVSS score: 6.5,...

7.2CVSS7.1AI score0.90461EPSS
Exploits4
Wiz blog
Wiz blog
added 2025/09/22 2:50 p.m.6 views

IMDS Abused: Hunting Rare Behaviors to Uncover Exploits

When common processes start asking the wrong questions...

6.9AI score
Exploits0
OSV
OSV
added 2025/02/10 9:48 p.m.3 views

SUSE-SU-2025:20123-1 Security update for cloud-regionsrv-client

This update for cloud-regionsrv-client contains the following fixes: - Update to 10.3.11 bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.9: bsc1234050 + Send registration code for the extensions, not only base product - Update to 10.3.8: bsc1233333 +...

5.9AI score
Exploits0References9
OSV
OSV
added 2023/11/29 5:39 p.m.8 views

USN-6519-2 ec2-hibinit-agent update

USN-6519-1 added IMDSv2 support to EC2 hibagent. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: The EC2 hibagent package has been updated to add IMDSv2 support, as IMDSv1 uses an insecure protocol and is no longer recommended...

5.7AI score
Exploits0References2
Rapid7 Blog
Rapid7 Blog
added 2023/08/01 4:8 p.m.6 views

New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0

The Center for Internet Security CIS recently released version two of their AWS Benchmark. CIS AWS Benchmark 2.0.0 brings two new recommendations and eliminates one from the previous version. The update also includes some minor formatting changes to certain recommendation descriptions. In this...

6.8AI score
Exploits0
CNNVD
CNNVD
added 2022/12/21 12:0 a.m.6 views

AAD Pod Identity 安全漏洞

Microsoft AAD Pod Identity is Microsoft's Assigning Azure Active Directory Identities to Kubernetes Applications. A security vulnerability exists in AAD Pod Identity versions prior to 1.8.13 that stems from the NMI component intercepting and validating token requests based on regular expressions,...

5.3CVSS5.7AI score0.00709EPSS
Exploits0References4
seebug.org
seebug.org
added 2021/05/13 12:0 a.m.129 views

Microsoft Azure Virtual Machine信息泄露漏洞(CVE-2021-27075)

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...

2.7CVSS0.1AI score0.01343EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2021/01/26 12:0 a.m.12 views

The vulnerability of Microsoft Azure Kubernetes operating system allows a hacker to gain unauthorized access to protected information.

The vulnerability of Microsoft Azure Kubernetes operating system-related to Windows is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially crafted IMDS request...

5.5CVSS5.9AI score0.01133EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/01/12 12:0 a.m.8 views

PT-2021-1676 · Microsoft · Azure Active Directory

Name of the Vulnerable Software and Affected Versions: Azure Active Directory affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Azure Active Directory Pod Identity service. It may allow an attacker to gain unauthorized access to...

5.5CVSS6.6AI score0.01133EPSS
Exploits0References7
NCSC
NCSC
added 2021/01/12 12:0 a.m.7 views

Vulnerability fixed in Microsoft Azure Active Directory Pod Identity

There is a vulnerability in Azure Active Directory AAD Pod Identity. The vulnerability allows a malicious person to impersonate another user. The AAD pod identity allows users to assign identities to pods in Kubernetes clusters by querying them with regular Azure Instance Metadata Services IMDS...

5.5CVSS6.5AI score0.01133EPSS
Exploits0
myhack58
myhack58
added 2017/06/28 12:0 a.m.366 views

The AWS metadata service SSRF vulnerability analysis-vulnerability warning-the black bar safety net

One, Foreword Recently I was busy with a small project, to study how the Docker container executing untrusted Python code. According to the project requirements, I need to test more online code execution engine, research them on the various attacks of the reaction. In the research process, I foun...

0.3AI score
Exploits0
Rows per page
Query Builder