368 matches found
CVE-2026-33540
CVE-2026-33540 affects the Distribution toolkit. In prior releases (before 3.1.0) and in pull-through cache mode, it parses WWW-Authenticate challenges to discover token auth endpoints, taking the realm URL from a bearer challenge without validating it against the upstream host. An attacker-contr...
CVE-2026-33540 Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used...
PT-2026-30630
Distribution versions prior to 3.1.0 are affected by an issue where the software incorrectly handles token authentication endpoints. Specifically, when operating in pull-through cache mode, the software parses WWW-Authenticate challenges from the upstream registry without validating the realm URL...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...
SUSE CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
UBUNTU-CVE-2025-59032
ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...
CVE-2026-3022
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
CVE-2026-3192
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...
CVE-2026-3192
A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function authenticate of the file rpcserverbase.py of the component RPC Credential Handler. The manipulation leads to improper authentication. The attack is possible to be carried out remotely. The attack ...
PT-2026-21945
Name of the Vulnerable Software and Affected Versions Chia Blockchain version 2.1.0 Description A security issue has been identified in Chia Blockchain that results in improper authentication. This is due to manipulation within the authenticate function located in the rpc server base.py file of t...
chia-blockchain 授权问题漏洞
ChiaBlockchain is a Python library for Chia Network’s open-source project. Version 2.1.0 of ChiaBlockchain contains an authorization vulnerability. This vulnerability stems from improper authentication practices in the authenticate function within the rpcserverbase.py file of the component’s RPC...
Information Exposure
Overview @vendure/core is an A modern, headless ecommerce framework Affected versions of this package are vulnerable to Information Exposure via the authenticate function. An attacker can determine valid usernames by measuring response times during authentication attempts. Remediation Upgrade...
EUVD-2026-4945
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...
CVE-2026-24845
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker registry credentials if it scanned a specially crafted OCI image reference. malcontent uses...
CVE-2026-1050
A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can lead to sql injection. The attack can be...
Injection
Overview Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation There is no fixed versio...