Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 6:19 p.m.7 views

CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS5.5AI score0.00361EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/24 11:43 p.m.4 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

9.8CVSS7.4AI score0.99098EPSS
Exploits20References2
ATTACKERKB
ATTACKERKB
added 2023/11/07 8:15 p.m.4 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5CVSS6.7AI score0.01151EPSS
Exploits0References6
Veracode
Veracode
added 2021/02/04 4:0 a.m.14 views

Arbitrary Code Execution

github.com/aeraki-framework/aeraki is vulnerable to arbitrary code execution. Workflows triggered on pullrequesttarget have read/write tokens for the base repository and the access to secrets. By explicitly checking out and running the build script from a fork, the untrusted code is running in an...

3.1AI score
Exploits0
Rows per page
Query Builder