Lucene search
K

2024 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/21 12:0 a.m.16 views

F5 Networks BIG-IP : iControl REST and tmsh vulnerability (K000160788)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4 / 21.0.0.1. It is, therefore, affected by a vulnerability as referenced in the K000160788 advisory. When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS...

8.7CVSS5.9AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 5:43 p.m.18 views

EUVD-2026-31142

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 5:43 p.m.10 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 5:43 p.m.11 views

CVE-2026-24218

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References4
CVE
CVE
added 2026/05/20 5:43 p.m.88 views

CVE-2026-24218

CVE-2026-24218 affects NVIDIA DGX OS. The vulnerability arises during factory provisioning: cloning a base image deploys identical SSH host keys across multiple systems, enabling host impersonation or attacker-in-the-middle attacks. Consequences listed include potential code execution, data tampe...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42219

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or...

8.1CVSS5.8AI score0.00586EPSS
Exploits0References3
Fedora
Fedora
added 2026/05/19 1:33 a.m.14 views

[SECURITY] Fedora 43 Update: mod_md-2.6.11-2.fc43

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

7.3CVSS5.8AI score0.00628EPSS
Exploits0
Fedora
Fedora
added 2026/05/19 1:7 a.m.15 views

[SECURITY] Fedora 44 Update: mod_md-2.6.11-2.fc44

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal...

7.3CVSS5.8AI score0.00628EPSS
Exploits0
NVD
NVD
added 2026/05/13 4:16 p.m.20 views

CVE-2026-28758

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS0.00083EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.7 views

CVE-2026-28758 BIG-IP iControl REST vulnerability

When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged, authenticated attacker with access to...

6.7CVSS5.8AI score0.00083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36046

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 Description A crash in the ICMPv6 PvD protocol dissector allows for a denial of service. A dissector is a software component that breaks down network packets into a...

8.8CVSS5.8AI score0.0039EPSS
Exploits43References50
vulnersOsv
vulnersOsv
added 2026/04/27 12:30 p.m.8 views

ai.h2o:sparkling-water-core_2.11 (>=3.46.0.1-1-2.3 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-core_2.12 (>=3.46.0.1-1-3.0 <=3.46.0.6-1-3.5) +762 more potentially affected by CVE-2026-41409 via org.apache.mina:mina-core (>=2.2.0 <=2.2.5)

org.apache.mina:mina-core MAVEN version =2.2.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =3.46.0.1-1-2.3, =3.46.0.1-1-3.0, =1.5.4.RELEASE, =0.0.2, =3.0.0, =1.0.9, =1.6.9, =1.2.5, =1.1.7, =1.2.8 and more Source cves: CVE-2026-41409 Sourc...

9.8CVSS6.7AI score0.00451EPSS
Exploits0
Fedora
Fedora
added 2026/04/25 1:52 a.m.4 views

[SECURITY] Fedora 44 Update: openbao-2.5.2-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

9.6CVSS6AI score0.00411EPSS
Exploits0
Snyk
Snyk
added 2026/04/23 3:7 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the /agents/:id update endpoint and adapterConfig.workspaceStrategy.provisionCommand. An attacker can execute arbitrary OS commands by updating their agent’s configuration with a crafted provisionCommand, which is...

8.8CVSS6AI score0.00591EPSS
Exploits1References2
NVD
NVD
added 2026/04/23 2:16 a.m.9 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS0.00591EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/23 12:47 a.m.2 views

CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:47 a.m.4 views

CVE-2026-41208

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/23 12:47 a.m.8 views

EUVD-2026-25162

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.7 views

PT-2026-34600

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability that allows an attacker with an Agent API key to execute arbitrary OS commands on the Paperclip serv...

8.8CVSS6.8AI score0.00591EPSS
Exploits1References2
Securelist
Securelist
added 2026/04/20 9:1 a.m.7 views

FakeWallet crypto stealer spreading through iOS apps in the App Store

In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...

5.8AI score
Exploits0
Rows per page
Query Builder