Lucene search
K

1687 matches found

Wolfi
Wolfi
added 2026/04/11 2:51 a.m.9 views

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: tkn, argo-events, external-secrets-operator, apko, dataplaneapi, gcsfuse, k3s, argocd-image-updater, otel-cli, pulumi-language-java, rancher, yunikorn-k8shim, k8s-device-plugin, swagger, goreleaser, terraform-provider-tls, certificate-transparency, helm-set-status,...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/10 8:18 p.m.7 views

Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/10 8:18 p.m.4 views

GHSA-9QQ8-CGCV-QMC9 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.2 views

CVE-2026-39569

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 5:17 p.m.11 views

CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

3.7CVSS0.00181EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 4:34 p.m.15 views

CVE-2026-40097

CVE-2026-40097 affects Step CA (online CA for secure, automated certificate management). From version 0.24.0 up to before 0.30.0-rc3, an attacker can trigger an index-out-of-bounds panic during TPM device attestation by sending a crafted attestation key certificate with an empty EKU extension. Sp...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 4:34 p.m.3 views

CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:34 p.m.6 views

CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-31991

Name of the Vulnerable Software and Affected Versions Step CA versions 0.24.0 through 0.30.0-rc3 Description An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.6 views

Smallstep step-ca 输入验证错误漏洞

Smallstep step-ca is an online certificate authority for DevOps security and automated certificate management provided by the Smallstep company in the United States. Versions of Smallstep step-ca prior to 0.30.0-rc3 contained a vulnerability related to input validation errors. This vulnerability...

3.7CVSS5.8AI score0.00181EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20217

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.9AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20215

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.9AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.3 views

CVE-2026-39570

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.3CVSS0.0024EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:16 a.m.7 views

CVE-2026-39569

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

6.5CVSS0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.28 views

CVE-2026-39570 WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.3CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39570

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.9AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.1 views

CVE-2026-39570 WordPress 12 Step Meeting List plugin <= 3.19.9 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.8AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.13 views

CVE-2026-39570

CVE-2026-39570 affects the WordPress plugin 12-Step Meeting List (versions ≤ 3.19.9). The issue is described as Insertion of Sensitive Information Into Sent Data, allowing retrieval of embedded sensitive data from 12-step-meeting-list. Concrete details provided in connected sources indicate affec...

5.3CVSS5.9AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.2 views

CVE-2026-39569 WordPress 12 Step Meeting List plugin <= 3.19.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

6.5CVSS5.8AI score0.0027EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39569

Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through = 3.19.9...

5.9AI score0.0027EPSS
Exploits0References2
Rows per page
Query Builder