Lucene search
K

2363 matches found

ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-10055

In Eclipse Theia since version 1.26.0, the backend /services/request-service RPC accepts an attacker-controlled URL from any client connected to the standard /services messaging endpoint, performs the HTTP request server-side, and returns the full response body to the caller. Because the...

8.5CVSS6AI score
Exploits0References3Affected Software1
NVD
NVD
added 2 days ago7 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS0.00572EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-44935

Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants...

9.9CVSS5.8AI score0.00572EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago9 views

CVE-2026-44935

The vulnerability (CVE-2026-44935) affects SUSE Rancher Fleet’s Helm Deployer where missing validation of valuesFrom references enables cross-tenant access to fleet credentials stored in secrets/config maps on downstream clusters. Affected versions include Fleet 0.15.x before 0.15.2, 0.14.x befor...

9.9CVSS5.8AI score0.00572EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41367

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS5.8AI score0.00158EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41210

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago21 views

CVE-2026-14439 Path Traversal in Altium Git Service Allows Remote Code Execution

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS0.00601EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-14439

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago3 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00247EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago4 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00247EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago6 views

Important: Red Hat Security Advisory: Satellite 6.18.7 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS6.8AI score0.00671EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago6 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.0027EPSS
Exploits0References4
NVD
NVD
added 3 days ago7 views

CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS0.0027EPSS
Exploits0References6
NVD
NVD
added 3 days ago6 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS0.00247EPSS
Exploits0References6
Rows per page
Query Builder