Lucene search

3176 matches found

Chainguard
added 3 days ago, 4 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: vitess, crossplane-provider-azure-network, eksctl, crossplane-provider-azure-purview, ollama-fips, prometheus-podman-exporter-fips, flux-operator-fips, witness, elastic-agent-fips, drone, crossplane-provider-azure-storagesync, frankenphp-8.3, cert-manager, packer-fip...

5.8 AI score
Exploits: 0

Chainguard
added 3 days ago, 4 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: vitess, crossplane-provider-azure-network, eksctl, crossplane-provider-azure-purview, ollama-fips, prometheus-podman-exporter-fips, flux-operator-fips, witness, elastic-agent-fips, drone, crossplane-provider-azure-storagesync, frankenphp-8.3, cert-manager, packer-fip...

5.8 AI score
Exploits: 0

Wolfi
added 3 days ago, 5 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: tflint, mattermost, osv-scanner, k8sgpt, flux-source-controller, vitess, splunk-otel-collector, k3s, crossplane-provider-family-azure, kyverno, age, eksctl, rancher-machine, step-issuer, teleport, apko, gomplate, cert-manager, zarf, spire-server, buildkitd, zot, ksop...

5.8 AI score
Exploits: 0

ATTACKERKB
added 6 days ago, 5 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...

9.6 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits: 0, References: 7

EUVD
added 6 days ago, 7 views

EUVD-2026-38598

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...

9.6 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits: 0, References: 4

CVE
added 6 days ago, 28 views

CVE-2026-11807

CVE-2026-11807 affects Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint fails to verify permissions when processing Worker messages, permitting any authenticated user to forge a message with an arbitrary activation_id and access plaintext credentials tied to tha...

9.6 CVSS, 5.9 AI score, 0.0037 EPSS
Exploits: 0, References: 7

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine, affecting versions 2.7.x before 2.7.17, 2.8.x before 2.8.11, 2.9.x before 2.9.7, as well as Ansible Tower in versions 3.4.5, 3.5.5, and 3.6.3. This issue occurs when using modules that decrypt vault files, such as assemble, script, unarchive, win_copy, awss...

5.5 CVSS, 6.7 AI score, 0.00376 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handles data_vault when the value is ZERO_SIZE_PTR. In some cases, GDDV returns a packet with a buffer of zero length. This causes kmemdup to return ZERO_SIZE_PTR (0x10). As a result, data_vault_read encounters a...

5.5 CVSS, 5.9 AI score, 0.00229 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine when using Ansible Vault to edit encrypted files. When a user executes “ansible-vault edit”, another user on the same computer can read the old and new secrets. This occurs because the secrets are created in a temporary file using mkstemp, and after the fil...

4.7 CVSS, 6.6 AI score, 0.00374 EPSS
Exploits: 0, References: 2

EUVD
added 2026/06/16 9:32 p.m., 11 views

EUVD-2026-37202

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

5.2 AI score, 0.0018 EPSS
Exploits: 0, References: 2

NVD
added 2026/06/16 8:16 p.m., 9 views

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

4.3 CVSS, 0.0018 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/06/16 6:25 p.m., 21 views

CVE-2026-12117

Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request...

0.0018 EPSS
Exploits: 0, References: 1

CVE
added 2026/06/16 6:25 p.m., 9 views

CVE-2026-12117

CVE-2026-12117 affects Devolutions Server 2026.2.5: improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata they are not authorized to access via a crafted API request. CVSSv3.1 base score is 4.3 (Medium). The p...

4.3 CVSS, 5.3 AI score, 0.0018 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSSF Malicious Packages
added 2026/06/15 3:09 p.m., 10 views

Malicious code in vault-strategies (npm)

Source: amazon-inspector (6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb). On npm install, the package's preinstall hook "preinstall: node postinstall.js || true" executes postinstall.js, which enumerates process.env and filte...

5.2 AI score
Exploits: 0, References: 1

OSV
added 2026/06/15 3:09 p.m., 7 views

MAL-2026-5783 Malicious code in vault-strategies (npm)

Source: amazon-inspector (6b7037d9efc65a0885cc000a92c46ea9bed2097d02c8fb2883ceaa3eb2fd5eeb). On npm install, the package's preinstall hook "preinstall: node postinstall.js || true" executes postinstall.js, which enumerates process.env and filte...

5.3 AI score
Exploits: 0, References: 1

NVD
added 2026/06/12 5:16 a.m., 9 views

CVE-2026-45169

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7 CVSS, 0.00301 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2026/06/12 4:32 a.m., 7 views

CVE-2026-45169 Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7 CVSS, 5.2 AI score, 0.00301 EPSS
Exploits: 0, References: 4

CVE
added 2026/06/12 4:32 a.m., 24 views

CVE-2026-45169

Idira Privileged Access Manager (PAM) Self-Hosted Vault is affected in versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. The issue is a validation vulnerability where processing unexpected input under certain configurations can cause an unexpected service termination, leading to a localized D...

8.7 CVSS, 5.5 AI score, 0.00301 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/06/12 4:32 a.m., 28 views

CVE-2026-45169 Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7 CVSS, 0.00301 EPSS
Exploits: 0, References: 4

EUVD
added 2026/06/12 4:32 a.m., 10 views

EUVD-2026-36385

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7 CVSS, 5.5 AI score, 0.00301 EPSS
Exploits: 0, References: 4