22840 matches found

OSV
added 2026/06/26 4:16 p.m., 2 views

DEBIAN-CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

CVSS 7.2, AI score 5.8, EPSS 0.00342
Exploits 1, References 1
Cvelist
added 2026/06/26 3:50 p.m., 42 views

CVE-2026-9640 LXD Snapshot Import Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

CVSS 7.2, EPSS 0.00342
Exploits 1, References 4
ATTACKERKB
added 2026/06/26 3:50 p.m., 6 views

CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

CVSS 7.2, AI score 5.8, EPSS 0.00342
Exploits 1, References 5, Affected Software 1
EUVD
added 2026/06/26 3:32 p.m., 4 views

EUVD-2026-39778

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

CVSS 6.8, AI score 5.8, EPSS 0.00325
Exploits 0, References 2
Cvelist
added 2026/06/26 2:43 p.m., 31 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

CVSS 6.8, EPSS 0.00325
Exploits 0, References 1
CVE
added 2026/06/26 2:43 p.m., 14 views

CVE-2026-9699

Mattermost Plugins versions

CVSS 6.8, AI score 5.8, EPSS 0.00325
Exploits 0, References 1
OSV
added 2026/06/26 2:13 p.m., 6 views

MAL-2026-6522 Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213. Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

AI score 5.9
Exploits 0, References 9
EUVD
added 2026/06/26 12:32 a.m., 6 views

EUVD-2026-39592

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

CVSS 8.7, AI score 5.9, EPSS 0.00232
Exploits 0, References 2
NVD
added 2026/06/26 12:16 a.m., 8 views

CVE-2026-9220

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

CVSS 8.7, EPSS 0.00232
Exploits 0, References 1
Positive Technologies
added 2026/06/26 12:00 a.m., 8 views

PT-2026-52844

Name of the vulnerable software and affected versions: LXD versions 6.0 through 6.8; LXD versions 5.21.0 through 5.21.4; LXD versions 5.0.0 through 5.0.6. Description: An issue exists in the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a...

CVSS 7.2, AI score 5.8, EPSS 0.00342
Exploits 1, References 8
CVE
added 2026/06/25 11:13 p.m., 15 views

CVE-2026-9220

The CVE-2026-9220 entry describes a vulnerability in Setracker2 Android Companion App (package com.tgelec.setracker) affecting versions 3.1.5 and earlier. The underlying issue is that requests between the wearable and backend are encrypted with static, hardcoded AES keys and initialization vector...

CVSS 8.7, AI score 5.9, EPSS 0.00232
Exploits 0, References 1
Cvelist
added 2026/06/25 11:13 p.m., 37 views

CVE-2026-9220 Setracker2 Children's Smartwatch Ecosystem Use of hard-coded cryptographic key

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic...

CVSS 8.7, EPSS 0.00232
Exploits 0, References 1
RedhatCVE
added 2026/06/25 10:58 p.m., 6 views

CVE-2026-50221

A flaw was found in OpenStack Swift's proxy-server. Internal container update routing headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device are not stripped from client requests before being forwarded to object-servers. An authenticated user with write access can inje...

CVSS 6.4, AI score 5.9, EPSS 0.00146
Exploits 1, References 6
OSV
added 2026/06/25 10:21 p.m., 4 views

GHSA-89GR-R52H-F8RX golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

CVSS 9.1, AI score 5.8, EPSS 0.00373
Exploits 0, References 6
OSV
added 2026/06/25 10:18 p.m., 2 views

GHSA-W879-237Q-WC7R golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVSS 7.5, AI score 5.8, EPSS 0.004
Exploits 0, References 13
Github Security Blog
added 2026/06/25 10:18 p.m., 8 views

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVSS 7.5, AI score 5.8, EPSS 0.004
Exploits 0, References 13, Affected Software 1
Github Security Blog
added 2026/06/25 10:14 p.m., 8 views

golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

CVSS 9.1, AI score 5.9, EPSS 0.00338
Exploits 0, References 9, Affected Software 1
EUVD
added 2026/06/25 9:22 p.m., 7 views

EUVD-2026-38383

MessagePack-CSharp: DynamicUnionResolver-generated deserializers miss depth enforcement...

CVSS 7.5, AI score 5.8, EPSS 0.00231
Exploits 0, References 2
OSV
added 2026/06/25 8:40 p.m., 8 views

MAL-2026-6474 Malicious code in ref-slot (npm)

Source: amazon-inspector 1e1ef3e785cf6cb007c0b33be2ed43ebe49d64f476bb4fb3a66b914b06def5e1. On npm install, the package's postinstall hook runs node test.js, which invokes index.js to perform a multi-stage installer compromise. 1 Credential...

AI score 5.8
Exploits 0, References 2
NVD
added 2026/06/25 8:17 p.m., 6 views

CVE-2026-57522

Bitwarden Server before 2026.5.0 contains a JSON injection vulnerability in IntegrationTemplateProcessor.ReplaceTokens, which substitutes user-controlled values into event-integration templates without JSON encoding. When an organization has configured an event integration whose template referenc...

CVSS 5, EPSS 0.00262
Exploits 1, References 5