Lucene search
+L

43 matches found

nvd
nvd
added 2026/06/22 2:17 p.m.14 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS0.00075EPSS
Exploits0References3
nvd
nvd
added 2026/06/22 2:17 p.m.12 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS0.00181EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/22 12:46 p.m.2 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3
cve
cve
added 2026/06/22 12:46 p.m.18 views

CVE-2026-54100

CVE-2026-54100 affects the Windows Machine Config Operator (WMCO) used with Red Hat OpenShift Container Platform. The flaw is that WMCO establishes SSH connections to Windows worker nodes without verifying the remote host key, enabling an adjacent-network attacker who can intercept or redirect WM...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3Affected Software2
vulnrichment
vulnrichment
added 2026/06/22 12:46 p.m.6 views

CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/22 12:46 p.m.46 views

CVE-2026-54100 Windows-machine-config-operator: windows-machine-config-operator: ssh host key not verified enables credential theft

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS0.00181EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/22 12:46 p.m.37 views

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS0.00075EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/22 12:46 p.m.11 views

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References2
cve
cve
added 2026/06/22 12:46 p.m.17 views

CVE-2026-54099

The CVE-2026-54099 entry describes a vulnerability in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift. The WICD CSR auto-approver only checks that a CSR’s organization includes system:wicd-nodes and does not reject extra organization values such as system:masters. A compromised W...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References3Affected Software2
redhatcve
redhatcve
added 2026/06/22 12:46 p.m.9 views

CVE-2026-54100

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. WMCO establishes SSH connections to Windows worker nodes without verifying the remote server host key. An adjacent-network attacker who can intercept or redirect WMCO's SSH session can capture...

8.3CVSS5.9AI score0.00181EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/22 12:45 p.m.14 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00075EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.14 views

PT-2026-51305

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where the WICD CSR auto-approver validates that a Certificate Signing Request contains the organizatio...

8.8CVSS5.9AI score0.00075EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.12 views

PT-2026-51306

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where SSH connections to Windows worker nodes are established without verifying the remote server host...

8.3CVSS6AI score0.00181EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2025/11/03 12:0 a.m.12 views

PT-2025-44765

Name of the Vulnerable Software and Affected Versions Raspberry Pi Imager version 1.9.6 Description An issue exists in the OS customization feature of Raspberry Pi Imager. The 'public-key authentication' setting unintentionally re-adds a user's id rsa.pub key from their local Windows machine to t...

6.8CVSS6.3AI score0.00161EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0079

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00699EPSS
Exploits0References4
nvd
nvd
added 2025/06/18 10:15 a.m.7 views

CVE-2025-38046

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits0
redhatcve
redhatcve
added 2025/02/05 7:36 p.m.10 views

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. T...

9.8CVSS7.3AI score0.03207EPSS
Exploits1References1
veeam
veeam
added 2023/09/21 12:0 a.m.21 views

Rescan of Windows Machine in Protection Group Fails With "The network path was not found."

Article Applicability This article addresses situations in which credential-based authentication is used to add a Windows machine to a Veeam Agent for Microsoft Windows protection group. The troubleshooting steps below address connectivity failures that occur when Veeam Backup & Replication...

6AI score
Exploits0
kitploit
kitploit
added 2023/02/05 11:30 a.m.33 views

Winevt_Logs_Analysis - Searching .Evtx Logs For Remote Connections

Simple script for the purpose of finding remote connections to Windows machine and ideally some public IPs. It checks for some EventIDs regarding remote logins and sessions. You should pip install -r requirements.txt so the script can work and parse some of the .evtx files inside winevt folder. T...

7.5AI score
Exploits0References3
kitploit
kitploit
added 2022/12/18 11:30 a.m.76 views

laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...

7.7AI score
Exploits0References11
Rows per page
Query Builder