Lucene search
K

432 matches found

RedHat Linux
RedHat Linux
added 6 days ago7 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.10.2 release.

Red Hat Developer Hub 1.10.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7AI score0.01186EPSS
Exploits11References39
NVD
NVD
added 6 days ago11 views

CVE-2026-9842

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42160

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS6AI score0.00256EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-9842 Backstage <= 1.4.2 - Unauthenticated Privilege Escalation via Permissive Demo Role Capabilities

The Backstage - Customizer Demo Access plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.2. This is due to the plugin assigning the manageoptions capability to the backstagecustomizeruser demo role, which is more permissive than necessary for...

7.5CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 6 days ago13 views

CVE-2026-9842

The CVE-2026-9842 entry concerns the Backstage - Customizer Demo Access plugin for WordPress (up to version 1.4.2). The root cause is that the plugin assigns the manage_options capability to the backstage_customizer_user demo role, which is more permissive than required for a Demo Access/Customiz...

7.5CVSS6AI score0.00256EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/30 3:0 p.m.10 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.6 release.

Red Hat Developer Hub 1.9.6 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS6.7AI score0.01041EPSS
Exploits16References69
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.8 views

Malicious code in @live-backstage-im/communication-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad217e6f53767b755ad267a2052b4bc35add8ba6cdb6532dfec034c83e3d3426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/06/26 3:42 p.m.8 views

MAL-2026-6528 Malicious code in @immobiliarelabs/backstage-plugin-ldap-auth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e447b204a3dbe39ad2390ad721dfc14f32b64e2c27d8b4efaf99a27e9cde7b92 The package ships a binding.gyp at the tarball root that contains GYP command-expansion syntax !... / !@... in its sources/targets configuration...

6.5AI score
Exploits0References5
OSV
OSV
added 2026/06/26 3:42 p.m.16 views

MAL-2026-6526 Malicious code in @immobiliarelabs/backstage-plugin-gitlab (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 00eb86df154a9532085ad285ee63cd4c4f9a95a6fe983b9930cd059dfb4cb3f5 The package ships a binding.gyp at the package root whose targets/sources fields contain GYP command-expansion syntax !... at line 6. npm implicitly...

5.8AI score
Exploits0References7
OSV
OSV
added 2026/06/25 10:36 a.m.11 views

ROOT-APP-NPM-CVE-2026-32236 CVE-2026-32236 in @rootio/backstage__plugin-auth-backend - Patched by Root

Root has patched CVE-2026-32236 in the @rootio/backstageplugin-auth-backend package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00292EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/16 9:33 a.m.11 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.

Red Hat Developer Hub 1.9.5 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS7.1AI score0.01186EPSS
Exploits15References29
RedhatCVE
RedhatCVE
added 2026/06/04 3:48 p.m.15 views

CVE-2026-44374

A flaw was found in Backstage, an open framework for building developer portals. The system's unprocessed entity endpoints lack proper authorization checks. This allows any authenticated user to access sensitive entity records they should not have access to, leading to unauthorized information...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References4
OSV
OSV
added 2026/06/04 1:45 p.m.10 views

ROOT-APP-NPM-CVE-2026-24046 CVE-2026-24046 in @rootio/backstage__backend-defaults - Patched by Root

Root has patched CVE-2026-24046 in the @rootio/backstagebackend-defaults package for Root:npm. Multiple fixed versions available...

9.1CVSS5.8AI score0.00478EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/27 1:41 p.m.22 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.7 release.

Red Hat Developer Hub 1.8.7 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

10CVSS5.8AI score0.00808EPSS
Exploits8References32
NVD
NVD
added 2026/05/14 3:16 p.m.13 views

CVE-2026-44374

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

4.3CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 2:30 p.m.41 views

CVE-2026-44374 Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

4.3CVSS0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:30 p.m.7 views

CVE-2026-44374 Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 2:30 p.m.14 views

EUVD-2026-30295

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:30 p.m.8 views

CVE-2026-44374

Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless o...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2026/05/14 2:30 p.m.13 views

CVE-2026-44374

CVE-2026-44374 affects Backstage when using the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed. Prior to version 0.6.11, these endpoints do not enforce permission checks, enabling any authenticated user to access unprocessed entity records regardless o...

4.3CVSS5.8AI score0.0017EPSS
Exploits0References1Affected Software3
Rows per page
Query Builder