Lucene search
K

4 matches found

OSV
OSV
added 2026/06/10 5:19 p.m.3 views

CVE-2026-46612 Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all function archives

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on...

8.8CVSS6AI score0.00344EPSS
Exploits0References6
CVE
CVE
added 2026/04/22 7:43 p.m.25 views

CVE-2026-34064

The CVE-2026-34064 issue affects Nimiq-account’s VestingContract in the Rust implementation. Before v1.3.0, VestingContract::can_change_balance can produce AccountError::InsufficientFunds and builds the error with balance = self.balance - min_cap; if min_cap > balance, Coin::sub underflows and...

8.2CVSS5.7AI score0.00275EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 7:20 p.m.12 views

nimiq-transaction: Panic via `HistoryTreeProof` length mismatch

Impact HistoryTreeProof::verify panics on a malformed proof where history.len != positions.len due to asserteq!history.len, positions.len. The proof object is derived from untrusted p2p responses ResponseTransactionsProof.proof and is therefore attacker-controlled at the network boundary until...

6.5CVSS5.8AI score0.00318EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/02/03 9:12 p.m.5 views

CVE-2026-25150 Prototype Pollution via FormData Processing in Qwik City

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj function within @builder.io/qwik-city middleware. The function processes form field names with dot notation e.g., user.name to create nested objects, but fails ...

9.3CVSS5.4AI score0.00624EPSS
Exploits0References4
Rows per page
Query Builder