Lucene search
K

68 matches found

NVD
NVD
added 11 hours ago6 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6.5CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 12 hours ago3 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6AI score
Exploits0References2Affected Software1
CVE
CVE
added 12 hours ago6 views

CVE-2026-49086

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

6AI score
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 1:35 p.m.44 views

CVE-2026-47068 Cross-session PubSub topic injection via URL parameter in phoenix_storybook

Authorization Bypass Through User-Controlled Key vulnerability in phenixdigital phoenixstorybook allows cross-session PubSub topic injection via a URL query parameter. 'Elixir.PhoenixStorybook.Story.ComponentIframeLive':handleparams/3 in lib/phoenixstorybook/live/story/componentiframelive.ex read...

2.3CVSS0.00449EPSS
Exploits0References4
Fedora
Fedora
added 2026/05/18 1:24 a.m.20 views

[SECURITY] Fedora 42 Update: valkey-8.0.9-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.8CVSS5.8AI score0.02995EPSS
Exploits4
Fedora
Fedora
added 2026/05/18 12:59 a.m.24 views

[SECURITY] Fedora 43 Update: valkey-8.1.7-1.fc43

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.8CVSS5.8AI score0.02995EPSS
Exploits4
EUVD
EUVD
added 2026/04/10 8:18 p.m.4 views

EUVD-2026-21150

Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 9:16 p.m.3 views

CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 9:6 p.m.8 views

CVE-2026-40109

CVE-2026-40109 affects Flux notification-controller (GitOps Toolkit) prior to version 1.8.3. The vulnerability lies in the gcr Receiver type not validating the email claim of Google OIDC tokens used for Pub/Sub push authentication, allowing any valid Google-issued token to authenticate against th...

3.1CVSS5.9AI score0.00127EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 12:28 a.m.9 views

SUSE CVE-2026-24004

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet's Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

6.3CVSS6.1AI score0.00262EPSS
Exploits0References3
Fedora
Fedora
added 2026/03/07 12:33 a.m.8 views

[SECURITY] Fedora 44 Update: valkey-9.0.3-1.fc44

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS5.8AI score0.00586EPSS
Exploits0
Fedora
Fedora
added 2026/03/05 1:13 a.m.5 views

[SECURITY] Fedora 42 Update: valkey-8.0.7-1.fc42

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS6AI score0.00586EPSS
Exploits0
Fedora
Fedora
added 2026/03/05 12:57 a.m.4 views

[SECURITY] Fedora 43 Update: valkey-8.1.6-1.fc43

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.5CVSS6AI score0.00586EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.4 views

CVE-2026-24004

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

6.3CVSS5.5AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/02/27 2:17 a.m.6 views

GO-2026-4563 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint in github.com/fleetdm/fleet...

6.3CVSS5.8AI score0.00262EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/26 7:38 p.m.10 views

Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Summary A vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. Impact If Android MDM is enabled, an attacker could send a craft...

6.3CVSS5.6AI score0.00262EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/26 7:38 p.m.4 views

GHSA-9PM7-6G36-6J78 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Summary A vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet management. Impact If Android MDM is enabled, an attacker could send a craft...

6.3CVSS5.7AI score0.00262EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/26 6:18 a.m.1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the Pub/Sub endpoint. An attacker can cause unauthorized removal of Android devices from management by sending crafted unauthenticated requests. Remediation Upgrade...

6.9CVSS6AI score0.00262EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 3:16 a.m.7 views

CVE-2026-24004

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

6.3CVSS0.00262EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 2:43 a.m.21 views

CVE-2026-24004 Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint

Fleet is open source device management software. In versions prior to 4.80.1, a vulnerability in Fleet’s Android MDM Pub/Sub handling could allow unauthenticated requests to trigger device unenrollment events. This may result in unauthorized removal of individual Android devices from Fleet...

6.3CVSS0.00262EPSS
Exploits0References1
Rows per page
Query Builder