88 matches found
CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...
PT-2026-48704
Name of the Vulnerable Software and Affected Versions Idira Secrets Manager Self-Hosted versions 13.8.0 and earlier Description Improper access control exists within internal cluster endpoints. A remote, authenticated attacker with standard node-level credentials can exploit these endpoints to...
PT-2026-48703
Name of the Vulnerable Software and Affected Versions Idira Secrets Manager SaaS Edge versions prior to 1.8 Description Improper access control within internal authentication components allows a remote, unauthenticated attacker to submit a specially crafted request. This can lead to the...
CyberArk Idira Secrets Manager SaaS Edge 访问控制错误漏洞
CyberArk Idira Secrets Manager SaaS Edge is a distributed confidential access node component offered by the American company CyberArk. Versions of CyberArk Idira Secrets Manager SaaS Edge prior to version 1.8 contained an access control vulnerability. This vulnerability stemmed from improper acce...
CyberArk Idira Secrets Manager Self-Hosted 访问控制错误漏洞
CyberArk Idira Secrets Manager Self-Hosted is an enterprise-level confidential information management platform developed by the CyberArk company. Versions of CyberArk Idira Secrets Manager Self-Hosted prior to 13.8.0 contained a access control vulnerability. This vulnerability stemmed from improp...
CVE-2026-42526
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-40981
A flaw was found in Spring Cloud Config. When utilizing Google Secrets Manager as a backend, a remote client can craft a specific request to the config server. This action may lead to the unintended exposure of secrets from other Google Cloud Platform GCP projects, resulting in sensitive...
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
An unknown threat actor has been observed using a large language model LLM agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the TESTCONNECTION workflow for a Database Service. An attacker can obtain sensitive credentials and authentication tokens by triggering the workflow and inspecting the HTTP response...
PT-2026-42613
This is not applicable if an application is configuring the Secrets Store to store credentials. Please make sure to follow the best practices when deploying in production In OpenMetadata 1.12.1, a non-admin SSO user can trigger a TEST CONNECTION workflow for a Database Service and receive, in the...
GHSA-G9QC-QF28-HHQX Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
PYSEC-2026-595
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-42526
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-42526
The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...
CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
EUVD-2026-30974
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
PT-2026-42004
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...
Information Exposure
Spring Cloud Config is vulnerable to Information Exposure. The vulnerability is due to improper validation of requests when using Google Secrets Manager as a backend, which allows an attacker to craft requests that expose secrets from unintended GCP projects...
GHSA-2MH5-3CW6-HRRQ Spring Cloud Config has an Authorization Bypass Through User-Controlled Key
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...