Lucene search
K

118 matches found

NVD
NVD
added yesterday5 views

CVE-2026-62948

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...

9.6CVSS
Exploits0References5
CVE
CVE
added yesterday8 views

CVE-2026-62948

OpenWrt odhcpd/LuCI vulnerability CVE-2026-62948: Before 25.12.5, the DHCPv6 client FQDN option 39 hostname is written into /tmp/odhcpd.leases without escaping, allowing newline injection of forged lease lines. LuCI displays these lines in the Active DHCPv6 Leases page via rpcd-mod-luci getDHCPLe...

9.6CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-44748

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...

9.6CVSS6.1AI score
Exploits0References5
OSV
OSV
added 2026/06/25 6:43 p.m.5 views

GO-2026-5304 OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/{revoke,renew} — incomplete fix of CVE-2026-45808 in github.com/openbao/openbao

OpenBao: Cross-namespace lease revocation/renewal via canonical sys/leases/revoke,renew — incomplete fix of CVE-2026-45808 in github.com/openbao/openbao...

5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51109

Summary OpenBao users with access to the sys/leases/revoke/:lease id endpoint in any namespace can revoke leases in any other namespace as long as the lease identifier is known to them, bypassing ACLs that should apply for cross-namespace revocations. Impact OpenBao's namespaces provide...

2.1CVSS5.8AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42186

A flaw was found in OpenBao. When the initial deletion of a namespace fails, subsequent attempts to remove it do not fully clear all associated data before the namespace is marked as deleted. This can result in residual data, such as outstanding leases and unrelated storage entries, not being...

7.5CVSS5.2AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 5:39 a.m.18 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Veracode
Veracode
added 2026/05/16 5:34 a.m.11 views

Improper Cleanup Of Namespace Data

OpenBao is vulnerable to improper cleanup of namespace data.The vulnerability is due to incomplete cleanup when retries occur after an initial namespace deletion failure, which allows an attacker to potentially retain access to outstanding leases or leave residual storage entries that should have...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3Affected Software1
Fedora
Fedora
added 2026/05/15 8:57 p.m.16 views

[SECURITY] Fedora 44 Update: dnsmasq-2.92rel2-9.fc44

Dnsmasq is lightweight, easy to configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...

8.8CVSS5.8AI score0.07237EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.11 views

SUSE CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 5:1 p.m.9 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

5.8AI score0.00225EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/14 3:16 p.m.10 views

CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

7.5CVSS0.00248EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/14 2:36 p.m.9 views

EUVD-2026-30298

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS5.8AI score0.00248EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 2:36 p.m.16 views

CVE-2026-42186

OpenBao vulnerability CVE-2026-42186 affects the OpenBao identity-based secrets manager where, before v2.5.3, if the initial namespace deletion fails, subsequent retries do not fully remove data before marking the namespace deleted. This can leave outstanding leases and unrelated storage entries....

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/14 2:36 p.m.41 views

CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS0.00248EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/14 2:36 p.m.11 views

CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS5.8AI score0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:36 p.m.7 views

CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS5.8AI score0.00248EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/14 2:36 p.m.11 views

CVE-2026-42186

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

7.5CVSS5.8AI score0.00248EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 2:36 p.m.4 views

CVE-2026-42186 OpenBao's Namespace Deletion May Not Delete Data Properly

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent retries fail to properly remove all data before marking the namespace as deleted. This can affect any outstanding leases as well as potentially leaving...

2.3CVSS6AI score0.00248EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41030

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...

8.6CVSS5.8AI score0.00338EPSS
Exploits0References5
Rows per page
Query Builder