207 matches found
EUVD-2026-41660
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
CVE-2026-14621
CVE-2026-14621 affects FederatedAI FATE (OSX Broker) up to 2.2.0. The vulnerability resides in QueuePushReqStreamObserver.initEggroll (file path java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java) where manipulation of rollSiteSessionId, dstRole, or dstPar...
CVE-2026-14621
A vulnerability has been found in FederatedAI FATE up to 2.2.0. This affects the function QueuePushReqStreamObserver.initEggroll of the file java/osx/osx-broker/src/main/java/org/fedai/osx/broker/grpc/QueuePushReqStreamObserver.java of the component OSX Broker. Such manipulation of the argument...
CVE-2026-58379
| creationtimestamp | type | source |
|---|---|---|
| 2026-07-03 19:39:24+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mprceilsjt24 |
| 2026-07-03 22:01:58+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mprkdhbnlb2f |
| 2026-07-03 22:30:00+00:00 | seen | ... |
CVE-2026-4629
| creationtimestamp | type | source |
|---|---|---|
| 2026-07-01 20:57:52+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mpmfsxv4b524 |
| 2026-07-02 12:26:59+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnzqezxyr2d |
...
CVE-2026-50229
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 21:40:40+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mphhbocbak2p |
| 2026-06-29 22:19:25+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mphjgx4ff32q |
| 2026-06-29 23:32:51+00:00 | seen | ... |
CVE-2026-55957
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 21:36:56+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mphh2yd4ic23 |
| 2026-06-29 22:43:44+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mphksgifwx23 |
| 2026-06-29 22:51:37+00:00 | seen | ... |
CVE-2026-57341
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 16:01:47+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mpgudozghx2b |
| 2026-06-29 20:22:37+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mphcw47xbf22 |
...
CVE-2026-13513
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 00:28:28+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mpfa6sd5lg2m |
| 2026-06-29 02:13:37+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpfg2pst3i2w |
...
CVE-2026-13516
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-29 00:25:58+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mpfa2crs3e25 |
| 2026-06-29 04:58:38+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpfpbuujq62j |
| 2026-06-29 06:00:27+00:00 | seen | ... |
CVE-2026-13508
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-28 23:39:58+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mpf5i3ikuf2s |
| 2026-06-29 02:08:33+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mpffrrfccn2x |
...
CVE-2026-50767
| creationtimestamp | type | source |
|---|---|---|
| 2026-06-26 22:47:01+00:00 | seen | https://bsky.app/profile/malwareobserver.bsky.social/post/3mp7zljs7au2o |
| 2026-06-29 17:33:46+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgzi6wa632w |
...
GHSA-X4QR-QW6H-WVXQ Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
Summary: A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service (APNS) tokens — through a...
Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Summary: A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets (nodekey, orbitnodekey) through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...
GHSA-VXM7-9X8V-8GM4 Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
Summary: A vulnerability in Fleet's labels host-listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract host enrollment secrets (nodekey, orbitnodekey) through a cursor-based binary search oracle. The endpoint accepted a user-supplied orderkey parameter that w...
PT-2026-49056
Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.85.0. Description: Authenticated users with the lowest-privilege Observer role can extract host enrollment secrets, specifically node key and orbit node key, using a cursor-based binary search oracle. The issue exists i...
PT-2026-49057
Name of the Vulnerable Software and Affected Versions: Fleet (affected versions not specified). Description: An issue in the Apple MDM commands listing endpoint allows authenticated users with the Observer role to extract sensitive data from joined database tables, such as host enrollment secrets and...
SUSE CVE-2026-46026
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Limit the maximum number of lookups
Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...
EUVD-2026-32407
In the Linux kernel, the following vulnerability has been resolved:
net: qrtr: ns: Limit the maximum number of lookups
Current code does no bound checking on the number of lookups a client can perform. Though the code restricts the lookups to local clients, there is still a possibility of a...
Linux Distros Unpatched Vulnerability : CVE-2026-46026
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.
- net: qrtr: ns: Limit the maximum number of lookups
Current code does no bound checking on the number of lookups a client can perform. Though the code restricts...