Lucene search
+L

8 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-45293

IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow an attacker with read-only privileges to make unauthorized...

6.5CVSS5.3AI score
Exploits0References1
NVD
NVD
added 2026/06/29 9:16 p.m.9 views

CVE-2026-41896

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manualwebhooksecretgithub field, which is used by Coolify's webhook endpoints to validate incoming requests, is nullable with no default —...

7.5CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:16 p.m.7 views

CVE-2026-41896

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the HMAC key is the application's manualwebhooksecretgithub field, which is used by Coolify's webhook endpoints to validate incoming requests, is nullable with no default —...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/09/12 11:43 a.m.6 views

BIT-KYVERNO-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by...

8CVSS5.4AI score0.00317EPSS
Exploits1References6
Snyk
Snyk
added 2025/03/24 7:7 p.m.4 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the matchSignatures function in cosign.go, which does not check for subjectRegExp or issuerRegExp values during artifact signature verification. An attacker can deploy unauthorized...

8CVSS6.9AI score0.00317EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2025/03/24 7:7 p.m.20 views

Kyverno ignores subjectRegExp and IssuerRegExp

Summary Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Details Kyverno checks only subject and issuer fields when verifying an...

8CVSS7.4AI score0.00317EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2021/08/23 7:34 p.m.28 views

CVE-2021-22253

Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously had the necessary access to trigger deployments to protected environments under specific conditions after the access has been removed...

4.9CVSS5.3AI score0.00818EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/08/23 7:34 p.m.46 views

CVE-2021-22253

Removed by vendor...

5.4CVSS6AI score0.00818EPSS
Exploits0
Rows per page
Query Builder