17 matches found

CNNVD
added 2026/04/10 12:0 a.m. | 6 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from the /allowlist command not revalidating the gateway client scope for internal callers. This could allow...

7.1 CVSS | 5.8 AI score | 0.00264 EPSS
Exploits 1 | References 2

Positive Technologies
added 2026/02/18 12:0 a.m. | 5 views

PT-2026-20563

A security vulnerability has been discovered in how the input.parsed path field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Th...

7.1 CVSS | 5.5 AI score
Exploits 0 | References 5

RedhatCVE
added 2026/01/15 12:6 p.m. | 7 views

CVE-2026-0976

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

3.7 CVSS | 6.7 AI score | 0.00354 EPSS
Exploits 0 | References 3

RedhatCVE
added 2026/01/09 12:34 p.m. | 11 views

CVE-2023-45822

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5.3 CVSS | 7 AI score | 0.00519 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2007-0432

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.01398 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 12 views

EUVD-2023-2711

Malicious code in bioql PyPI...

5.3 CVSS | 5.4 AI score | 0.00519 EPSS
Exploits 0 | References 6

Prion
added 2023/10/19 9:15 p.m. | 20 views

Authorization

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5 CVSS | 5.4 AI score | 0.00519 EPSS
Exploits 0 | References 4 | Affected Software 1

Vulnrichment
added 2023/10/19 8:53 p.m. | 13 views

CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

3.7 CVSS | 7 AI score | 0.00519 EPSS
Exploits 0 | References 4

Cvelist
added 2023/10/19 8:53 p.m. | 21 views

CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

3.7 CVSS | 5.6 AI score | 0.00519 EPSS
Exploits 0 | References 4

OSV
added 2023/10/19 5:5 p.m. | 26 views

GHSA-9PC8-M4VP-GGVF Artifact Hub allows unsafe rego built-in

Impact: During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations ...

3.7 CVSS | 4.8 AI score | 0.00519 EPSS
Exploits 0 | References 6

Github Security Blog
added 2023/10/19 5:5 p.m. | 31 views

Artifact Hub allows unsafe rego built-in

Impact: During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which a default unsafe rego built-in was allowed to be used when defining authorization policies. Artifact Hub includes a fine-grained authorization mechanism that allows organizations ...

5.3 CVSS | 7 AI score | 0.00519 EPSS
Exploits 0 | References 6 | Affected Software 1

CNNVD
added 2023/10/19 12:0 a.m. | 5 views

Artifact Hub Code Issue Vulnerability

Artifact Hub is a web-based application that finds, installs, and distributes packages and configurations for CNCF projects. A security vulnerability exists in Artifact Hub that stems from allowing the use of default insecure rego built-ins when defining authorization policies...

5.3 CVSS | 6.8 AI score | 0.00519 EPSS
Exploits 0 | References 4

RedHat Linux
added 2021/08/25 9:37 a.m. | 58 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1.17.1 security update

An update for servicemesh and servicemesh-proxy is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

8.6 CVSS | 7.1 AI score | 0.03325 EPSS
Exploits 0 | References 6

Prion
added 2021/08/24 11:15 p.m. | 20 views

Path traversal

Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 and below, and 1.9.7 and below contain a remotely exploitable vulnerability where an HTTP request...

5 CVSS | 7.5 AI score | 0.01099 EPSS
Exploits 0 | References 2 | Affected Software 1

Akamai Blog
added 2018/09/25 2:7 p.m. | 67 views

Zero Trust Security Architectures - Software Defined Perimeter

By Jano van Deventer and Andrew Terranova. This is Part 3 of a 5 part blog series. Introduction: In the first part of this blog series, we...

0.1 AI score
Exploits 0

Cvelist
added 2018/05/18 3:0 p.m. | 26 views

CVE-2018-5256

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to Tectonic and allows an attacker to directly connect to the kubernetes API server. Unauthenticated users...

7.8 AI score | 0.01671 EPSS
Exploits 0 | References 2

NVD
added 2007/01/23 2:28 a.m. | 10 views

CVE-2007-0432

BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject malformed request messages to a proxy service, which might allow remote attackers to bypass authorization policies and route requests to back-end services or conduct other unauthorized activities...

7.5 CVSS | 6.8 AI score | 0.01398 EPSS
Exploits 0 | References 5