Lucene search
+L

55 matches found

nvd
nvd
added 2026/07/01 8:17 p.m.7 views

CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

8.8CVSS0.00416EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:32 p.m.15 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

6.5CVSS5.5AI score0.00124EPSS
Exploits0References1
snyk
snyk
added 2026/05/27 10:57 p.m.8 views

Directory Traversal

Overview compliance-trestle is a Tools to manage & autogenerate python objects representing the OSCAL layers/models Affected versions of this package are vulnerable to Directory Traversal through remote cache fetching. An attacker can write arbitrary files to locations outside the intended cache...

8.8CVSS6.3AI score0.00047EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.13 views

PT-2026-44160

Name of the Vulnerable Software and Affected Versions compliance-trestle version 4.0.2 Description The remote fetching cache mechanism in the HTTPSFetcher and SFTPFetcher classes fails to sanitize path traversal sequences ../ when constructing local cache file paths from URL path components. An...

7.1CVSS6.3AI score0.00047EPSS
Exploits0References9
nvd
nvd
added 2026/05/15 4:16 p.m.27 views

CVE-2026-45773

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

6.5CVSS0.00124EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/15 3:51 p.m.59 views

CVE-2026-45773 Turborepo: Login callback CSRF/session fixation

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the localhost callback. While the CLI was waiting for authentication, a malicious web page could send a...

5.1CVSS0.00124EPSS
Exploits0References1
osv
osv
added 2026/04/27 9:38 a.m.2 views

CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository

The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan cache used by a Camel application can inject a...

8.8CVSS7.8AI score0.00711EPSS
Exploits2References9
susecve
susecve
added 2026/03/31 11:27 p.m.5 views

SUSE CVE-2026-34042

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2CVSS6.4AI score0.00459EPSS
Exploits0References5
osv
osv
added 2026/03/31 1:46 a.m.6 views

CVE-2026-34042 act: actions/cache server allows malicious cache injection

act is a project which allows for local running of github actions. Prior to version 0.2.86, act's built in actions/cache server listens to connections on all interfaces and allows anyone who can connect to it including someone anywhere on the internet to create caches with arbitrary keys and...

8.2CVSS6.4AI score0.00459EPSS
Exploits0References6
cve
cve
added 2026/03/31 1:46 a.m.42 views

CVE-2026-34042

act: The CVE-2026-34042 flaw in the act project’s actions/cache server lets connections from any interface create caches with arbitrary keys and read existing caches, potentially enabling arbitrary remote code execution inside the local Docker container. The issue stems from listening on all inte...

8.2CVSS6.4AI score0.00459EPSS
Exploits0References4
rosalinux
rosalinux
added 2026/02/16 12:24 p.m.13 views

Advisory ROSA-SA-2026-3203

Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 unaffected versions = unbound-1.16.2-5.9.rv3 affected versions unbound-1.16.2-5.9.rv3 CVE-ID: CVE-2025-5994 BDU-ID: 2025-12600 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliable...

8.7CVSS6.5AI score0.00188EPSS
Exploits0
rosalinux
rosalinux
added 2026/02/16 7:27 a.m.8 views

Advisory ROSA-SA-2026-3165

Software: unbound 1.16.2 OS: ROSA Virtualization 3.1 unaffected versions = unbound-1.16.2-5.9.rv31 affected versions unbound-1.16.2-5.9.rv31 CVE-ID: CVE-2025-5994 BDU-ID: 2025-12600 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliabl...

8.7CVSS6.4AI score0.00188EPSS
Exploits0
fedora
fedora
added 2026/02/10 1:34 a.m.7 views

[SECURITY] Fedora 43 Update: rust-sccache-0.13.0-3.fc43

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

7.5CVSS5.6AI score0.00443EPSS
Exploits1
osv
osv
added 2025/11/07 12:30 p.m.9 views

OESA-2025-2632 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cacheshow The function cshow was called with protection from RCU. This only ensures that cp will not be freed...

7.8CVSS7.6AI score0.00246EPSS
Exploits0References10
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-17809

Malicious code in bioql PyPI...

9.4CVSS6.6AI score0.00192EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/06/12 8:22 p.m.9 views

CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

9.4CVSS6.6AI score0.00192EPSS
Exploits0References1
osv
osv
added 2025/06/10 9:31 p.m.4 views

GHSA-RRR2-JCR8-7Q3X @nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

9.4CVSS7AI score0.00192EPSS
Exploits0References5
github
github
added 2025/06/10 9:31 p.m.6 views

@nx/azure-cache Vulnerable to Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

9.4CVSS7AI score0.00192EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2025/06/10 8:15 p.m.15 views

CVE-2025-36852

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

9.4CVSS0.00192EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/06/10 7:23 p.m.5 views

CVE-2025-36852 Build Cache Poisoning via Untrusted Pull Requests

A critical security vulnerability exists in remote cache extensions for common build systems utilizing bucket-based remote cache such as those using Amazon S3, Google Cloud Storage, or similar object storage that allows any contributor with pull request privileges to inject compromised artifacts...

9.4CVSS6.6AI score0.00192EPSS
Exploits0References1
Rows per page
Query Builder