291 matches found
Migration Planner UI SQL注入漏洞
The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a SQL injection vulnerability. This vulnerability arises when a remotely authenticated attacker uploads a specially crafted RVTools .xlsx file. Due to improper input...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
EUVD-2026-35128
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
STACKIT IaaS API 安全漏洞
THE STACKIT IaaS API is a cloud infrastructure management interface provided by the German company STACKIT. There is a security vulnerability in THE STACKIT IaaS API. This vulnerability stems from the lack of authorization checks, which may allow authenticated, low-privilege attackers to elevate...
PT-2026-47345
Name of the Vulnerable Software and Affected Versions STACKIT IaaS API affected versions not specified Description A missing authorization check allows authenticated, low-privileged attackers to escalate privileges to full organization compromise. By exploiting the unvalidated 'PUT servers...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42296
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...
Malicious code in @redhat-cloud-services/tsc-transform-imports (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
Malicious code in @redhat-cloud-services/compliance-client (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
MAL-2026-5143 Malicious code in @redhat-cloud-services/javascript-clients-shared (npm)
Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-49385
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...
CVE-2026-49385
JetBrains YouTrack is affected by CVE-2026-49385 in versions before 2026.1.13570, due to improper access control that allows low-privileged users to modify service accounts. The exposed component is YouTrack’s service account management, with an underlying cause described as access control failur...
EUVD-2026-33393
In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...