Lucene search
+L

12 matches found

nvd
nvd
added 2026/05/28 7:16 p.m.22 views

CVE-2026-45044

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/28 6:31 p.m.12 views

CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/28 6:31 p.m.12 views

CVE-2026-45044

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/28 6:31 p.m.31 views

CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS0.0031EPSS
Exploits0References1
euvd
euvd
added 2026/05/28 6:31 p.m.12 views

EUVD-2026-32994

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References1
osv
osv
added 2026/05/28 6:31 p.m.2 views

CVE-2026-45044 RustFS: Authentication bypass in /profile/cpu and /profile/memory allows unauthenticated access to profiling handlers

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS6AI score0.0031EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.13 views

PT-2026-44471

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any unauthenticated HTTP client to invoke profiling handlers without credentials. On supported builds...

8.8CVSS5.8AI score0.0031EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/21 9:45 p.m.5 views

CVE-2026-23517 Fleet has an Access Control vulnerability in debug/pprof endpoints

Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server...

8.7CVSS5.5AI score0.00246EPSS
Exploits0References2
osv
osv
added 2025/06/26 8:34 a.m.4 views

SUSE-SU-2025:02121-1 Security update for helm

This update for helm fixes the following issues: Update to version 3.18.3: builddeps: bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc dependabotbot fix: user username password for login 5b9e2f6 Terry Howe Update pkg/registry/transport.go 2782412 Terry Howe Update pkg/registry/transport.go...

6.5CVSS6.8AI score0.00478EPSS
Exploits0References3
fedora
fedora
added 2024/12/10 1:19 a.m.11 views

[SECURITY] Fedora 40 Update: rust-rbspy-0.24.0-3.fc40

Sampling CPU profiler for Ruby...

7.4AI score
Exploits0
zdt
zdt
added 2024/04/12 12:0 a.m.316 views

Ray OS v2.6.3 - Command Injection Exploit

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
exploitdb
exploitdb
added 2024/04/12 12:0 a.m.335 views

Ray OS v2.6.3 - Command Injection RCE(Unauthorized)

Exploit Title: Ray OS v2.6.3 - Command Injection RCEUnauthorized Description: The Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system...

9.8CVSS8.7AI score0.7463EPSS
Exploits15
Rows per page
Query Builder