Lucene search
K

323 matches found

Fedora
Fedora
added 2026/05/01 3:12 a.m.6 views

[SECURITY] Fedora 44 Update: openbao-2.5.3-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS5.4AI score0.00651EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/04/30 12:36 p.m.21 views

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...

6.2AI score
Exploits0
OSV
OSV
added 2026/04/29 8:0 a.m.4 views

MAL-2026-3157 Malicious code in apple-internal-auth-v3 (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/04/28 9:39 p.m.10 views

MAL-2026-3135 Malicious code in sf-th-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4508be29963ffe0a2d8b245449cf80873bdd6037c226e94ff99d9937566c7d During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...

5.4AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/28 9:39 p.m.13 views

Malicious code in sf-th-requests (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a4508be29963ffe0a2d8b245449cf80873bdd6037c226e94ff99d9937566c7d During import package exfiltrates the environment variables and cloud credentials/tokens to a hardcoded location. --- Category: MALICIOUS - The campaign has...

5.3AI score
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from environmental variable cleanup issues, where GITTEMPLATEDIR and AWSCONFIGFILE were not protected...

5.8CVSS6AI score0.00105EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/10 9:0 p.m.9 views

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the CloudSpec method on the Controller facade. An attacker can obtain sensitive cloud credentials by making an authenticated API call with only basic login permissions, without requiring elevated privileges...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 9:0 p.m.4 views

GHSA-W5FQ-8965-C969 Juju: CloudSpec method leaking cloud credentials

Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...

9.9CVSS5.6AI score0.00445EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/10 9:0 p.m.6 views

EUVD-2026-21364

Juju: CloudSpec method leaking cloud credentials...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/10 9:0 p.m.10 views

Juju: CloudSpec method leaking cloud credentials

Impact If a user has login permission to a controller and knows the controller model UUID, they can call the CloudSpec method on the Controller facade and get cloud credentials used to bootstrap the controller. The CloudSpec API is called by workers running in the controller to maintain connectio...

9.9CVSS5.6AI score0.00445EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/04/10 1:16 p.m.11 views

CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS0.00445EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/10 1:16 p.m.5 views

CVE-2026-5412

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/10 12:22 p.m.3 views

CVE-2026-5412 Juju CloudSpec API could leak senstive information

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/10 12:22 p.m.28 views

CVE-2026-5412 Juju CloudSpec API could leak senstive information

In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privileged user to access sensitive credentials. This...

9.9CVSS0.00445EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 3:16 a.m.9 views

PYSEC-2026-202

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.5AI score0.0022EPSS
Exploits1References4
OSV
OSV
added 2026/04/10 3:16 a.m.3 views

UBUNTU-CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/10 3:16 a.m.11 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.12 views

PT-2026-31912

Name of the Vulnerable Software and Affected Versions Juju versions prior to 2.9.57 and 3.6.21 Description Juju versions prior to 2.9.57 and 3.6.21 contain an authorization issue in the Controller facade. An authenticated user can call the CloudSpec API method to extract cloud credentials used fo...

9.9CVSS5.8AI score0.00445EPSS
Exploits1References20
CVE
CVE
added 2026/04/10 12:0 a.m.40 views

CVE-2026-33551

OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...

5.3CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-35516

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services AWS IMDSv1, cloud metadata, internal APIs by creating a link with a publ...

5CVSS5.9AI score0.00274EPSS
Exploits1References1
Rows per page
Query Builder