Lucene search
+L

250 matches found

Snyk
Snyk
added 2026/03/30 10:36 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CEL-based HTTP functions. An attacker can make unauthorized network requests to internal or external resources and exfitrate sensitive information AWS IAM credentials, GCP tokens by crafting...

9.8CVSS5.6AI score0.00705EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:19 p.m.8 views

CVE-2026-2462

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS0.00328EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 12:0 p.m.5 views

CVE-2026-2462

Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to restrict plugin installation on CI test instances with default admin credentials which allows an unauthenticated attacker to achieve remote code execution and exfiltrate sensitive configuration data including AWS and...

6.6CVSS6.4AI score0.00328EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/16 12:0 p.m.17 views

CVE-2026-2462

Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, and 10.11.x

6.6CVSS6.4AI score0.00328EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/02/09 8:35 p.m.8 views

Craft CMS: save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Summary - The saveimagesAsset graphql mutation allows a user to give a url of an image to download. Url must use a domain, not a raw IP. - Attacker sets up domain attacker.domain with an A record of something like 169.254.169.254 special AWS metadata IP - Attacker invokes saveimagesAsset with url...

6.5CVSS5.7AI score0.00419EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/02/09 7:33 p.m.38 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS0.00419EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.6 views

CVE-2022-23506

Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes, and Spinnaker's Rosco microservice produces machine images. Rosco prior to versions 1.29.2, 1.28.4, and 1.27.3 does not property mask secrets generated via packer builds. This can lead to exposur...

7.5CVSS6.6AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.8 views

CVE-2022-27198

A cross-site request forgery CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

8CVSS6.7AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:48 a.m.13 views

CVE-2022-27199

A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token...

4.3CVSS6.5AI score0.00732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/19 12:11 a.m.24 views

CVE-2025-63604

A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the executequery method. The vulnerability stems from the exposure of dangerous Python built-in functions import, getattr, hasattr in...

6.5CVSS8.7AI score0.00342EPSS
Exploits1References1
OSV
OSV
added 2025/11/14 2:45 p.m.21 views

HSEC-2023-0013 git-annex plaintext storage of embedded credentials on encrypted remotes

git-annex plaintext storage of embedded credentials on encrypted remotes git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the Git repository in effectively...

7.5CVSS6.2AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0028

Malware in sbrugna...

6.1CVSS6.2AI score0.00463EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-6160

Malware in sbrugna...

7.5CVSS6.1AI score0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-3395

Malware in sbrugna...

2.1CVSS6.4AI score0.00353EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-28109

Malicious code in bioql PyPI...

8CVSS7.6AI score0.00745EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-1504

Malicious code in bioql PyPI...

8CVSS7.8AI score0.00503EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-23989

Malicious code in bioql PyPI...

7.6CVSS7.6AI score0.00576EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.24 views

EUVD-2022-4452

Malicious code in bioql PyPI...

4.3CVSS5AI score0.00722EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-28634

Malicious code in bioql PyPI...

5.5CVSS5.8AI score0.00266EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-28552

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00541EPSS
Exploits0References2
Rows per page
Query Builder