Lucene search
+L

35 matches found

euvd
euvd
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39596

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
nvd
nvd
added 2026/06/26 12:16 a.m.8 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00176EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/25 11:23 p.m.6 views

CVE-2026-13083 Pen-drive: pen-drive: stored xss via unescaped cluster data in html report

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.6AI score0.00176EPSS
Exploits0References2
cve
cve
added 2026/06/25 11:23 p.m.19 views

CVE-2026-13083

CVE-2026-13083 concerns the Pen Drive report generator, where cluster-sourced data is rendered into HTML reports without proper escaping or sanitization, enabling stored XSS. An attacker with cluster administrator privileges can inject XSS payloads into cluster objects (e.g., ClusterVersion spec....

6.9CVSS5.7AI score0.00176EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/25 11:23 p.m.45 views

CVE-2026-13083 Pen-drive: pen-drive: stored xss via unescaped cluster data in html report

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00176EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/28 1:6 p.m.7 views

CVE-2026-5944

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8CVSS5.3AI score0.00533EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/04/28 1:6 p.m.49 views

CVE-2026-5944

Cisco Intersight Device Connector for Nutanix Prism Central exposes an unauthenticated API passthrough on TCP 7373. An unauthenticated network attacker can query the endpoint to enumerate cluster metadata (VM information and cluster configuration). The API is primarily read-only, but some cluster...

8.8CVSS5.4AI score0.00533EPSS
Exploits0References3Affected Software1
snyk
snyk
added 2026/03/20 8:48 p.m.3 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in multiple functions in the gRPC API layer, including MemberList and Compact. An attacker can gain unauthorized access to sensitive cluster operations and information, such as viewing cluster topology, disrupting...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/10/25 12:0 a.m.4 views

Karmada Dashboard 安全漏洞

Karmada Dashboard is a web user interface from karmada-io open source. A security vulnerability exists in versions of Karmada Dashboard prior to 0.2.0 that stems from a back-end API endpoint that does not enforce authentication, which could lead to unauthenticated users accessing sensitive cluste...

8.7CVSS6.3AI score0.00607EPSS
Exploits0References1
snyk
snyk
added 2025/10/24 3:27 p.m.3 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the /api/v1/secret, and /api/v1/service endpoints. An attacker can retrieve sensitive cluster information by sending unauthenticated requests directly to exposed API paths. Workaround Thi...

8.7CVSS6.8AI score0.00607EPSS
Exploits0References3
susecve
susecve
added 2025/10/22 11:24 p.m.5 views

SUSE CVE-2025-54470

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS6.6AI score0.00179EPSS
Exploits0References4
osv
osv
added 2025/10/21 4:15 p.m.6 views

CVE-2025-62250

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...

6.5CVSS7AI score0.00164EPSS
Exploits0References1
snyk
snyk
added 2025/04/15 9:19 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
snyk
snyk
added 2025/04/15 9:19 p.m.1 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
snyk
snyk
added 2025/04/15 9:19 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
snyk
snyk
added 2025/04/15 9:19 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via Service Call functionality. A user with sufficient privileges to create Kyverno policies can expose all data from a Kubernetes cluster using a malicious Kyverno policy that makes external service cal...

7.1CVSS6.9AI score
Exploits0References2
susecve
susecve
added 2025/01/30 3:47 a.m.3 views

SUSE CVE-2025-23047

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An insecure default Access-Control-Allow-Origin header value could lead to sensitive data exposure for users of Cilium versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4 who...

6.5CVSS6.5AI score0.00481EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/04/03 12:0 a.m.8 views

PT-2024-3859 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to insufficient access controls on a specific API endpoint, allowing a remote attacker to gain unauthorized access to protected information by sending...

4.3CVSS7.3AI score0.00407EPSS
Exploits0References3
attackerkb
attackerkb
added 2024/02/28 10:15 p.m.2 views

CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...

7.6CVSS7.1AI score0.00503EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/02/28 12:0 a.m.30 views

Hazelcast Security Breach

Hazelcast Hazelcast IMDG is a set of scalable open source data distribution platform of the U.S. Hazelcast company . The platform supports a variety of distributed data structures, supports distributed caching and other features. Hazelcast has a security vulnerability that stems from the inabilit...

7.6CVSS6.5AI score0.00503EPSS
Exploits0References4
Rows per page
Query Builder