Lucene search
+L

691 matches found

redhatcve
redhatcve
added 2026/07/08 3:56 p.m.6 views

CVE-2026-44918

A flaw was found in OpenStack Ironic. An authenticated project manager can change the node associated with Volume Connectors or Volume Target objects, potentially changing the project permitted to access the object. Volume Connectors contain secrets in environments configuring boot from volume wi...

8.7CVSS5.9AI score0.00426EPSS
Exploits0References5
osv
osv
added 2026/07/02 8:31 p.m.3 views

GHSA-Q62H-354G-5R85 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords

Summary The Sanitizer component in the Environment actuator redacts configuration values by matching the configuration key name against a suffix list. The default list password, secret, key, token, .credentials., vcapservices does not cover the standard .NET pattern ConnectionStrings: or Steeltoe...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References5
osv
osv
added 2026/06/25 6:43 p.m.4 views

GO-2026-5231 Dex: Token-exchange endpoint is missing AllowedConnectors enforcement in github.com/dexidp/dex

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement in github.com/dexidp/dex...

5.8AI score
Exploits0References2
cisco
cisco
added 2026/06/24 4:0 p.m.202 views

Cisco Advance Notification for Publication of July 1, 2026, Security Advisories

On July 1, 2026, the Cisco Product Security Incident Response Team PSIRT published the following advisories: Cisco Security Advisory CVE-ID Security Impact Rating CVSS Base Score Cisco Catalyst Center Arbitrary File Read Vulnerability...

7.5CVSS5.8AI score0.00756EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: The numconnectors field is incorrectly handled. The UCSI specification states that the numconnectors field consists of 7 bits, with the 8th bit reserved and should be set to zero. Some faulty firmware has been...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References3
nvd
nvd
added 2026/06/17 10:40 a.m.10 views

CVE-2026-35294

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Mainframe Connectors. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

9.9CVSS0.00411EPSS
Exploits0References1
osv
osv
added 2026/06/09 9:59 p.m.8 views

GHSA-7QJX-GP9H-65QJ Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

Summary server/handlers.go::handleTokenExchange lines 1804-1893 does not call isConnectorAllowedclient.AllowedConnectors, connID before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...

8.7CVSS5.6AI score
Exploits0References3
snyk
snyk
added 2026/06/09 9:59 p.m.11 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the handleTokenExchange function. An attacker can gain unauthorized access to restricted resources by exploiting the lack of enforcement of allowed connectors when exchanging tokens. This is only exploitable i...

8.7CVSS5.4AI score
Exploits0References2
github
github
added 2026/06/09 9:59 p.m.25 views

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

Summary server/handlers.go::handleTokenExchange lines 1804-1893 does not call isConnectorAllowedclient.AllowedConnectors, connID before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...

5.6AI score
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.16 views

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

8.7CVSS5.9AI score0.00234EPSS
Exploits0References1
nessus
nessus
added 2026/06/04 12:0 a.m.11 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Apache Tomcat Connectors vulnerability (USN-8369-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8369-1 advisory. It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like...

5.9CVSS6.3AI score0.00326EPSS
Exploits0References2
ubuntu
ubuntu
added 2026/06/02 1:16 p.m.12 views

USN-8369-1: Apache Tomcat Connectors vulnerability

It was discovered that Apache Tomcat Connectors used incorrect default permissions for shared memory on Unix-like systems. A local attacker could possibly use this issue to view or modify modjk configuration data in shared memory, resulting in sensitive information exposure or a denial of service...

5.9CVSS6.3AI score0.00326EPSS
Exploits0
snyk
snyk
added 2026/05/31 9:0 p.m.10 views

Malicious Package

Overview @mlspace/connectors is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
cvelist
cvelist
added 2026/05/28 7:51 p.m.32 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS0.00199EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/28 7:47 p.m.35 views

CVE-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS0.003EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Revert “usb: typec: ucsi: add a common function ucsiunregisterconnectors”. The recent commit 87d0e2f41b8c “usb: typec: ucsi: add a common function ucsiunregisterconnectors” introduced a regression that caused NULL dereferencing...

5.5CVSS6.1AI score0.00179EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Chromium

The use of after free in Device Trust Connectors in Google Chrome before version 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00829EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2026/05/15 6:30 p.m.8 views

com.datasqrl.flinkrunner:stdlib-json (>=0.9.0-alpha1 <=0.9.0-alpha2), com.datasqrl:sqrl-discovery (>=0.9.0-alpha1 <=0.9.0-alpha2) +14 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-runtime (>=2.1.0 <=2.1.1)

org.apache.flink:flink-table-runtime MAVEN version =2.1.0, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =0.9.0-alpha1, =26.0.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/05/15 6:30 p.m.7 views

com.datasqrl.flinkrunner:datagen-connectors (=0.10.1), com.datasqrl.flinkrunner:kafka-safe-connector (>=0.9.0 <=0.10.1) +75 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-api-java (=2.2.0)

org.apache.flink:flink-table-api-java MAVEN version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.flink:flink-table-api-java and may be impacted: - com.datasqrl.flinkrunner:datagen-connectors =0.10.1 -...

8.1CVSS5.4AI score0.00381EPSS
Exploits0
nvd
nvd
added 2026/05/15 7:16 a.m.32 views

CVE-2026-8654

Improper input validation in Delphix Continuous Data connectors allows an authenticated user to execute arbitrary operating system commands on the staging or target host...

8.7CVSS0.00234EPSS
Exploits0References1
Rows per page
Query Builder