Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33712

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.5AI score0.00347EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 12:16 p.m.10 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS0.00328EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.11 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/04 12:4 p.m.10 views

EUVD-2026-34249

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 12:4 p.m.9 views

CVE-2026-10843 Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 12:4 p.m.21 views

CVE-2026-10843

OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS allow operator credentials to have account-wide permissions for destructive actions, rather than being restricted to cluster-owned resources. This enables cross-scope impact after credential compromise. The CVE-2026-10843 entry do...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 12:4 p.m.43 views

CVE-2026-10843 Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/04 12:4 p.m.11 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.8AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46192

Name of the Vulnerable Software and Affected Versions OpenShift Cloud Credential Operator affected versions not specified Description A flaw exists in the Mint-mode IAM policies for AWS within the OpenShift Cloud Credential Operator. Operator credentials are provisioned with account-wide scope fo...

7.2CVSS5.4AI score0.00328EPSS
Exploits0References4
Microsoft Secure
Microsoft Secure
added 2026/05/29 3:4 a.m.25 views

Typosquatted npm packages used to steal cloud and CI/CD secrets

In this article 1. Attack chain overview 1. The lure: typosquats and spoofed metadata 2. Execution: npm lifecycle hook abuse 3. Gen-1 stager: HTTP C2 beacon and payload drop 4. Gen-2 stager: abusing the legitimate Bun runtime as a loader 5. Credential theft 6. Impact and blast radius 2. Mitigatio...

6.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/22 4:50 p.m.7 views

CVE-2026-33712 TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.8AI score0.00347EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 4:50 p.m.9 views

CVE-2026-33712

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.8AI score0.00347EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33169

🔴 SharePoint CVE-2026-32115 is under active exploitation. Patch now. 🔴 Marimo CVE-2026-29104 targets exposed notebooks for cloud credential theft. 🟡 108 malicious Chrome extensions stole Google and Telegram data. https://t.co/pBWq66uIkZ...

2.7CVSS5.8AI score0.0023EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/12 10:12 a.m.275 views

Exploit for CVE-2026-40175

🚨 CVE-2026-40175 - Critical Vulnerability in Axios...

10CVSS5.9AI score0.01815EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2026/03/10 6:46 p.m.7 views

CVE-2026-27826 MCP Atlassian has SSRF via unvalidated X-Atlassian-Jira-Url / X-Atlassian-Confluence-Url headers

MCP Atlassian is a Model Context Protocol MCP server for Atlassian products Confluence and Jira. Prior to version 0.17.0, an unauthenticated attacker who can reach the mcp-atlassian HTTP endpoint can force the server process to make outbound HTTP requests to an arbitrary attacker-controlled URL b...

8.2CVSS5.9AI score0.14958EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/02/06 9:30 p.m.208 views

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

10CVSS5.7AI score0.99999EPSS
Exploits444
The Hacker News
The Hacker News
added 2023/08/23 11:44 a.m.38 views

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/14 10:12 a.m.40 views

TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud

A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform GCP services, marking the adversary's expansion in targeting beyond Amazon Web Services AWS. The findings come from SentinelOne and Permiso, which said the...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8CVSS6.9AI score0.04918EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-25320

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to...

9.9CVSS8.8AI score0.00832EPSS
Exploits0References6
Rows per page
Query Builder