Lucene search
K

325 matches found

EUVD
EUVD
added 2026/07/01 5:50 p.m.8 views

EUVD-2022-49108

Open Babel has out-of-bounds write in ORCA nAtoms parser second variant...

9.8CVSS7.2AI score0.00816EPSS
Exploits1References5
OSV
OSV
added 2026/07/01 5:50 p.m.2 views

GHSA-5RFF-8F7C-8JMW Open Babel has out-of-bounds write in ORCA nAtoms parser (second variant)

Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Details A second variant of the nAtoms out-of-bounds write in the ORCA reader: a different malformed-input path produced the same class of write past the end of the...

7.8CVSS7.1AI score0.00816EPSS
Exploits1References6
OSV
OSV
added 2026/07/01 5:49 p.m.3 views

GHSA-RJ4C-R689-CM87 Open Babel has out-of-bounds write in ORCA nAtoms parser

Summary A memory-safety vulnerability in Open Babel's ORCA parser allowed an out-of-bounds write when reading a crafted input file. Details The flaw was in the nAtoms handling of the ORCA reader. A malformed input caused the parser to write past the end of its destination buffer. Impact Open Babe...

7.8CVSS7.1AI score0.00816EPSS
Exploits1References6
Snyk
Snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview io.spinnaker.orca:orca-clouddriver is a Spinnaker Orca Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.12 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.6AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 11:16 a.m.15 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS0.00114EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:17 a.m.9 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:17 a.m.12 views

CVE-2026-25599

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 9:17 a.m.24 views

CVE-2026-25599

CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:17 a.m.32 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS0.00114EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 9:17 a.m.14 views

EUVD-2026-33617

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45397

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/05/22 7:36 p.m.9 views

MAL-2026-4632 Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.12 views

CVE-2026-25534

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 6:16 p.m.7 views

CVE-2026-25534

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS0.00246EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/17 5:27 p.m.8 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 5:27 p.m.31 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS0.00246EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 5:27 p.m.32 views

CVE-2026-25534

CVE-2026-25534 affects Spinnaker clouddriver and Orca URL validation, where underscores in hostnames were not properly handled by Java URL parsing, bypassing prior URL validation checks. Public sources (NVD/Red Hat/Snyk/OSV) confirm the impact and note that patches have been merged to be released...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 5:27 p.m.6 views

CVE-2026-25534 Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.8AI score0.00246EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/16 3:15 p.m.10 views

Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames

Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE CVE-2025-61916 through the use of carefully...

9.1CVSS5.7AI score0.00246EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder