Lucene search
K

2129 matches found

Cvelist
Cvelist
added 2026/06/01 4:13 p.m.34 views

CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS0.0026EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 4:13 p.m.11 views

CVE-2026-45132 CloudPirates Open Source Helm Charts: GitHub Actions workflow leaks PAT and SSH signing key via unsafe credential handling

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

10CVSS5.8AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 4:13 p.m.24 views

CVE-2026-45132

CVE-2026-45132 concerns CloudPirates Open Source Helm Charts. Prior to commit fcf9302, a GitHub Actions workflow (generate-schema.yaml) exposed sensitive credentials—Personal Access Token and an SSH signing key —to fork-controlled code due to unsafe checkout and credential handling practices. The...

10CVSS5.8AI score0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:3 p.m.15 views

BIT-GITLAB-2026-9807 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.24 views

PT-2026-45468

Name of the Vulnerable Software and Affected Versions CloudPirates Open Source Helm Charts versions prior to commit fcf9302 Description A GitHub Actions workflow named 'generate-schema.yaml' exposes sensitive credentials, specifically a Personal Access Token and an SSH signing key, to code...

10CVSS5.3AI score0.0026EPSS
Exploits0References8
CVE
CVE
added 2026/05/29 1:32 p.m.80 views

CVE-2026-44698

CVE-2026-44698 affects the Home Assistant Companion apps for Android and iOS, where a JavaScript bridge exposed to in-app WebView could be reached by all frames. The root cause is the bridge exposure along with unsanitized interpolation of the JavaScript callback identifier, allowing a cross-orig...

8.3CVSS6.1AI score0.00136EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-9807

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

GitLab 18.9 < 18.10.7 / 18.11 < 18.11.4 / 19.0 < 19.0.1 (CVE-2026-9807)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/05/28 9:16 a.m.18 views

CVE-2026-9807

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 9:16 a.m.24 views

UBUNTU-CVE-2026-9807

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:34 a.m.8 views

CVE-2026-9807

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 7:34 a.m.9 views

CVE-2026-9807 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 7:34 a.m.79 views

CVE-2026-9807

GitLab has remediated an authorization flaw in GitLab CE/EE across versions 18.9 up to 18.10.7, 18.11 up to 18.11.4, and 19.0 up to 19.0.1. Under certain conditions, a blocked Project Access Token could continue to access private resources due to incorrect authorization enforcement. The issue’s C...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/27 5:27 p.m.43 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 5:27 p.m.10 views

EUVD-2026-32612

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:27 p.m.10 views

CVE-2026-42553 Cinny: Access token disclosure via invalidated emoji pack avatar URL in service worker

Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/05/27 5:27 p.m.40 views

CVE-2026-42553

Cinny (Matrix client) before version 4.10.3 is affected by a token-disclosure vulnerability in two parts: (1) EmojiBoard fallback uses an untrusted pack.meta.avatar as a MXC URL, enabling an attacker-controlled HTTP(S) URL in a malicious emote pack; (2) the service worker attaches the user’s Auth...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 3:16 p.m.15 views

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 2:39 p.m.46 views

CVE-2026-42280 Improper Permission Checking in Auth.js SDK

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 2:39 p.m.9 views

CVE-2026-42280

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0...

7.1CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder