Lucene search
+L

71 matches found

nvd
nvd
added 6 days ago7 views

CVE-2026-44795

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
cvelist
cvelist
added 6 days ago33 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
cve
cve
added 6 days ago23 views

CVE-2026-44795

CVE-2026-44795 affects Spinnaker (Cloud deployments/baking paths) where unsafe YAML processing bypasses safe deserialization via a non-safe constructor, enabling arbitrary Java class loading and remote code execution. Affected versions precede fixed releases and include 2026.1.0, 2026.0.3, 2025.4...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References4
osv
osv
added 6 days ago3 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References6
github
github
added 2026/06/22 8:43 p.m.7 views

Spinnaker has uon-safe yaml deserialization, allowing RCE when using specific types

Impact There's an unsafe YAML processing vulnerability that bypasses safe deserialization. This impacts users when when performing: CloudFormation deployments CloudFoundry Baking The usage of a non-safe constructor use allows arbitrary loading of Java classes leading to RCE. Patches 2025.3.3,...

8.8CVSS6AI score0.01001EPSS
Exploits0References2Affected Software2
snyk
snyk
added 2026/06/22 8:43 p.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the YAML processing. An attacker can execute arbitrary code by supplying crafted YAML input that triggers unsafe class loading during operations such as CloudFormation deployments or CloudFoundry...

8.8CVSS6.2AI score0.01001EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.15 views

PT-2026-51444

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2026.1.0 Spinnaker versions prior to 2026.0.3 Spinnaker versions prior to 2025.4.4 Spinnaker versions prior to 2025.3.3 Description Unsafe YAML processing bypasses safe deserialization during CloudFormation...

8.8CVSS6.6AI score0.01001EPSS
Exploits0References7
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.10 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.5AI score0.00479EPSS
Exploits0References1
nvd
nvd
added 2026/05/19 5:16 p.m.16 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS0.00479EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/19 3:53 p.m.43 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS0.00479EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/19 3:53 p.m.11 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/19 3:53 p.m.11 views

CVE-2026-47358

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References2
cve
cve
added 2026/05/19 3:53 p.m.19 views

CVE-2026-47358

CVE-2026-47358 affects Terrascan v1.18.3 and earlier. In server mode, Terrascan parses uploaded ARM/CloudFormation templates and resolves external URLs via hashicorp/go-getter with default detectors (including FileDetector), enabling an unauthenticated attacker to upload templates containing atta...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/19 12:0 a.m.18 views

PT-2026-41954

Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery SSRF via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced within those templates v...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/19 12:0 a.m.11 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from server-side request forgeing vulnerabilities in the external URL parsing of uploaded IaC...

9.2CVSS5.9AI score0.00479EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2026/04/24 3:59 p.m.8 views

aws-encryption-sdk-cli (>=2.1.0 <=3.1.0), cloudformation-cli-python-lib (>=2.1.9 <=2.1.16) +4 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=2.0.0 <=3.3.0)

aws-encryption-sdk PYPI version =2.0.0, =2.1.0, =2.1.9, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: OSV:GHSA-V638-38FC-RHFV...

5.7CVSS5.4AI score0.00096EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/04/20 8:12 p.m.9 views

cloudformation-cli-python-lib (>=2.1.12 <=2.1.16), core-aws (>=1.0.0 <=1.0.4) +3 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=3.1.0 <=3.3.0)

aws-encryption-sdk PYPI version =3.1.0, =2.1.12, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...

5.7CVSS5.4AI score0.00096EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/01/08 9:46 p.m.4 views

aware (>=0.0.12 <=0.0.30), aws-manager (>=0.0.1 <=0.21.2) +3 more potentially affected by unknown CVE via aws-sdk-cloudformation (>=0.10.1 <=0.9.0)

aws-sdk-cloudformation CARGO version =0.10.1, =0.0.12, =0.0.1, =0.0.0, =0.2.0, =0.5.0 - nitor-vault =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2017-18383

Malware in sbrugna...

7.8CVSS7.6AI score0.00376EPSS
Exploits2References6
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-6238

Malware in sbrugna...

4CVSS6.1AI score0.0103EPSS
Exploits2References8
Rows per page
Query Builder