Lucene search
K

158552 matches found

EUVD
EUVD
added 2026/06/22 3:43 p.m.7 views

EUVD-2026-38297

An issue was discovered in Canonical ADSys upstream versions through v0.16.2. During Active Directory Certificate Services AD CS certificate auto-enrollment via the vendored Samba client script internal/policies/certificate/python/vendorsamba/gp/gpcertautoenrollext.py, ADSys utilizes a plaintext...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:43 p.m.22 views

CVE-2026-12249

Canonical ADSys upstream versions up to v0.16.2 expose a flaw in AD CS auto-enrollment where the vendored Samba client uses plaintext HTTP (GETCACert) to fetch the CA certificate, enabling a network attacker in a MITM position to supply an attacker-controlled Root CA. This leads to automatic enro...

9.5CVSS6AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 2:17 p.m.12 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS0.00073EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 12:46 p.m.10 views

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 12:46 p.m.30 views

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:46 p.m.7 views

EUVD-2026-38233

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 12:46 p.m.12 views

CVE-2026-54099

The CVE-2026-54099 entry describes a vulnerability in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift. The WICD CSR auto-approver only checks that a CSR’s organization includes system:wicd-nodes and does not reject extra organization values such as system:masters. A compromised W...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:46 p.m.4 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 12:45 p.m.13 views

CVE-2026-54099

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51305

Name of the Vulnerable Software and Affected Versions Red Hat OpenShift Container Platform 4 affected versions not specified Description A flaw exists in the Windows Machine Config Operator WMCO where the WICD CSR auto-approver validates that a Certificate Signing Request contains the organizatio...

8.8CVSS5.9AI score0.00073EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.16 views

PT-2026-51429

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description When ENABLE REVERSE PROXY AUTHENTICATION is enabled, Gogs accepts the configured authentication header default: X-WEBAUTH-USER directly from client requests without validating that the request originat...

8.7CVSS6AI score0.00864EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: misc: tifpc202: fixed a potential memory leak in the probe function. Used “foreachchildofnodescoped” to simplify the code and ensure that the device node reference is automatically released when the loop scope ends...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 12:31 a.m.9 views

EUVD-2026-37959

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 11:16 p.m.12 views

CVE-2026-56075

PraisonAI before 4.5.128 contains an arbitrary shell command execution vulnerability where the UI modules hardcode approvalmode to auto, overriding administrator configuration from PRAISONAPPROVALMODE environment variable. Authenticated attackers can instruct the LLM agent to execute arbitrary...

8.8CVSS0.00476EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 4:20 p.m.17 views

CVE-2025-32437

CVE-2025-32437 affects AutoGPT prior to 0.6.63, specifically the MediaDurationBlock. The issue arises because MediaDurationBlock downloads and stores videos in a temporary directory without proper deletion, and StepThroughItemsBlock can iterate MediaDurationBlock multiple times, with no limit on ...

8.7CVSS5.3AI score0.00276EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.10 views

PT-2026-50806

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description An arbitrary shell command execution issue exists where UI modules hardcode approval mode to auto, which overrides the administrator configuration set in the PRAISON APPROVAL MODE environment...

8.8CVSS6.3AI score0.00476EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37651

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS5.1AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-22331

Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...

8.1CVSS0.00363EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-22328

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.27 views

CVE-2026-22328 WordPress Auto Repair theme <= 22.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Auto Repair = 22.6 versions...

7.1CVSS0.00244EPSS
Exploits0References1
Rows per page
Query Builder