Lucene search
K

7646 matches found

Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-14904 RES Auth.GetUserPrivateKey Arbitrary File Read

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS0.00381EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago15 views

Important: Red Hat Security Advisory: RHACS 4.9.9 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

9.4CVSS6.8AI score0.00813EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 4 days ago5 views

Important: Red Hat Security Advisory: RHACS 4.11.1 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security RHACS, which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

10CVSS5.9AI score0.00813EPSS
Exploits1References14
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 5 days ago14 views

CVE-2026-9165

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS0.00319EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 days ago6 views

CVE-2026-9165 Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score0.00319EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-9165

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score0.00319EPSS
Exploits0References6
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41859

A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...

7.7CVSS5.9AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56056

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16 Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter...

6.9CVSS6AI score0.00341EPSS
Exploits0References17
OSV
OSV
added 2026/07/02 8:44 p.m.3 views

GHSA-2V8P-FQPX-2Q3W jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)

Summary Logic bug in decodesimpletableslow may cause integer arithmetic overflow when decoding Modular image with certain kind of MA tree, which may panic with overflow-checks enabled. Impact Denial of service: any application passing untrusted JXL data to JxlImage::renderframe or equivalent can ...

6.2CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/01 8:57 p.m.5 views

GHSA-VX8H-4PRV-G744 Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 8:45 p.m.3 views

GHSA-XR65-5CPM-G36X Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 4:16 p.m.6 views

Important: Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.6

Logging for Red Hat OpenShift - 6.4.6 Red Hat OpenShift Logging 6.4.6 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs...

9.6CVSS6.7AI score0.01557EPSS
Exploits2References11
NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-6686

FatFs R0.16 and earlier contains an uninitialized cluster exposure when flseek extends files beyond EOF without zero-filling newly allocated clusters. This maps to CWE-908 Use of Uninitialized Resource. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 4.6, Medium. The...

4.6CVSS0.00177EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2026/07/01 2:36 p.m.12 views

Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0

The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...

9.8CVSS6.7AI score0.03732EPSS
Exploits18References44
OSV
OSV
added 2026/06/30 6:18 p.m.3 views

GHSA-WMGG-3P4H-48X7 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Summary A stronger framing of the same root cause as GHSA-gx55-f84r-v3r7: the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous fields into the generated pods. Details Three independent flaws compounded: 1. Validate gap...

9.9CVSS5.8AI score0.003EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/30 3:57 p.m.39 views

CVE-2026-58371 SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper weed/server/common.go, with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON...

3.1CVSS0.0021EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 12:52 p.m.7 views

EUVD-2026-40310

Arbitrary File Read Unauthenticated in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled...

7.1CVSS5.8AI score0.00415EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 12:52 p.m.32 views

CVE-2026-10816

CVE-2026-10816 affects NetScaler ADC and NetScaler Gateway. The issue is an Arbitrary File Read that is unauthenticated when access to NSIP, Cluster Management IP or SNIP with management access is enabled. According to the sources, the vulnerability allows read access to files, impacting confiden...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder