217 matches found
CVE-2026-44917
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...
CVE-2026-44917
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...
EUVD-2026-34202
OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...
PT-2026-46138
Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions prior to 35.0.2 Description An authenticated project admin or manager can read local files on the Ironic conductor by exploiting the pxe template variable. Recommendations Update to version 35.0.2 or later...
CVE-2026-44917
OpenStack Ironic (prior to 35.0.2) is vulnerable to an information-disclosure issue where a malicious authenticated project admin or manager can read local files on the Ironic conductor via a pxe_template. This CVE is documented across multiple sources (OpenStack Ironic, Debian tracker, CVE lists...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack application. It is used to configure bare machines rather than virtual machines. Versions of OpenStack Ironic prior to 35.0.2 contained a security vulnerability. This vulnerability stemmed from allowing malicious project administrators or managers to re...
CVE-2026-41253
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
CVE-2026-41253
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
CVE-2026-41253
Affected software: iTerm2 versions up to 3.6.9 (with notes in Red Hat and EU sources also referencing iTerm2 < 3.6.10 and
CVE-2026-41253
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
EUVD-2026-23656
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
CVE-2026-41253
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
CVE-2026-41253
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
PT-2026-33591
In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...
com.embabel.agent:embabel-agent-bedrock-autoconfigure (>=0.3.0 <=0.3.4), com.embabel.agent:embabel-agent-starter-bedrock (>=0.3.0 <=0.3.4) +4 more potentially affected by CVE-2026-22742 via org.springframework.ai:spring-ai-bedrock-converse (>=1.1.0-M1 <=1.1.3)
org.springframework.ai:spring-ai-bedrock-converse MAVEN version =1.1.0-M1, =0.3.0, =0.3.0, =.30.0.rc1, =.30.0.rc1, =.30.0.rc1, =1.1.0, =1.1.3 Source cves: CVE-2026-22742 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15791534...
com.embabel.agent:embabel-agent-bedrock-autoconfigure (>=0.3.0 <=0.3.4), com.embabel.agent:embabel-agent-starter-bedrock (>=0.3.0 <=0.3.4) +4 more potentially affected by CVE-2026-22742 via org.springframework.ai:spring-ai-bedrock-converse (>=1.1.0-M1 <=1.1.3)
org.springframework.ai:spring-ai-bedrock-converse MAVEN version =1.1.0-M1, =0.3.0, =0.3.0, =.30.0.rc1, =.30.0.rc1, =.30.0.rc1, =1.1.0, =1.1.3 Source cves: CVE-2026-22742 Source advisory: OSV:GHSA-MHRG-94VW-45C5...
Malicious code in conductor-managed-airflow-environment (npm)
The package exfiltrates system data to remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5f29800aadc2ebe943dd6adcc062837b02d670ffa617e03508fa7d6c7366494 The package conductor-managed-airflow-environment was found to contain malicious code. Source:...
MAL-2026-1385 Malicious code in conductor-managed-airflow-environment (npm)
The package exfiltrates system data to remote server. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5f29800aadc2ebe943dd6adcc062837b02d670ffa617e03508fa7d6c7366494 The package conductor-managed-airflow-environment was found to contain malicious code. Source:...
CVE-2025-21589
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...
CVE-2025-21589 Session Smart Router, Session Smart Conductor, WAN Assurance Router: API Authentication Bypass vulnerability
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control of the device. This issue affects Session Smart Router: from 5.6.7 before 5.6.17, from...