Lucene search
+L

12 matches found

EUVD
EUVD
added 2026/07/07 2:56 a.m.5 views

EUVD-2026-41982

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 1:38 p.m.19 views

CVE-2026-6673

Mattermost Jira plugin (CVE-2026-6673) authenticates poorly during Atlassian Connect install. Affected Mattermost versions (11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x

6.4CVSS6AI score0.00177EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/22 1:38 p.m.2 views

CVE-2026-6673 Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4CVSS6AI score0.00177EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 8:25 p.m.27 views

CVE-2026-42876

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

4.9CVSS0.00214EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.4 views

openSUSE 16 Security Update : docker (openSUSE-SU-2026:20057-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20057-1 advisory. Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Updat...

5.1CVSS6.1AI score0.00215EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2025/10/11 1:21 a.m.6 views

Security update for docker-stable

This update for docker-stable fixes the following issues: Note this update contains a already fixed references mostly. Remove git-core recommends on SLE to avoid pulling it in unnecessary. bsc1250508 This feature is mostly intended for developers "docker build git://" so most users already have t...

9.9CVSS8.4AI score0.66252EPSS
Exploits14References488
OSV
OSV
added 2025/09/10 4:9 p.m.6 views

SUSE-SU-2025:20743-1 Security update for docker

This update for docker fixes the following issues: Update to docker-buildx v0.28.0. See upstream changelog: Update to Docker 28.4.0-ce. See upstream changelog: - Update warnings and errors related to "docker buildx ..." so that they reference our openSUSE docker-buildx packages. - Enable building...

5.1CVSS6.7AI score0.00215EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/14 9:17 p.m.27 views

Insecure Variable Substitution in Vela

Impact Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

7.7CVSS7.3AI score0.00716EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.4 views

Vela Security Breach

Github Vela is an application open-sourced by Github in the United States. It provides an automation framework. A security vulnerability exists in Vela 0.23.1 and earlier versions, which stems from a vulnerability that allows an attacker to replace variables to bypass log masking and inject secre...

7.7CVSS6.7AI score0.00716EPSS
Exploits0References4
OSV
OSV
added 2022/09/28 10:15 p.m.8 views

UBUNTU-CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

8.6CVSS5.8AI score0.00641EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/09/28 12:0 a.m.4 views

PT-2022-24854 · Nheko · Nheko

Name of the Vulnerable Software and Affected Versions: nheko versions prior to 0.10.2 Description: nheko is a desktop client for the Matrix communication application. The issue allows homeservers to insert malicious secrets, which could lead to man-in-the-middle attacks. Recommendations: For...

8.6CVSS6.6AI score0.00641EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2021/11/15 5:35 p.m.27 views

Privilege escalation to cluster admin on multi-tenant environments

Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run kubectl commands under the Service Account of kustomize-controlle...

9CVSS1.9AI score0.01766EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder