Lucene search
K

2360 matches found

IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request Smuggling Vulnerability in Netty (CVE-2026-33870)

Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the Server/Agent/Relay communication system. CVE-2026-33870. Vulnerability Details CVEID:CVE-2026-33870 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...

7.5CVSS6.6AI score0.0064EPSS
Exploits1Affected Software1
NVD
NVD
added 2 days ago8 views

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS0.00461EPSS
Exploits0References3
CVE
CVE
added 2 days ago17 views

CVE-2026-58065

The CVE affects the Apache Airflow Git provider when performing git-over-SSH operations with StrictHostKeyChecking=no, which disables SSH host-key verification and enables MITM risk between an Airflow worker and the Git server. Deployments that clone over SSH using a deploy key or involve the Git...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43499

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server man-in-the-middle, capturing the S...

8.1CVSS6.1AI score0.00461EPSS
Exploits0References2
NVD
NVD
added 5 days ago7 views

CVE-2026-44383

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42902

PraisonAI versions before 4.6.78 contain a code injection vulnerability in deploy/api.py where the agentsfile parameter is directly interpolated into an f-string without sanitization. Attackers can inject arbitrary Python code that executes when the generated server code runs via subprocess.Popen...

9.4CVSS6.2AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57196

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.6.78 Description A code injection issue exists in the deploy/api.py file. The agents file parameter is directly interpolated into an f-string without proper sanitization. This interpolated string is used to genera...

9.4CVSS6.3AI score0.00392EPSS
Exploits0References8
NVD
NVD
added 6 days ago11 views

CVE-2026-56459

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00141EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

7.5CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-56460

CVE-2026-56460 affects HCL DevOps Deploy / HCL Launch. The issue is an Insertion of Sensitive Information Into Sent Data where sensitive configurations and secrets can be disclosed to authenticated users via API responses, enabling potential follow-on attacks. CVSS3.1 metrics indicate Network acc...

6.5CVSS5.8AI score0.00379EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-56460 HCL DevOps Deploy / HCL Launch is susceptible to an Insertion of Sensitive Information Into Sent Data vulnerability

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS0.00379EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-56460

HCL DevOps Deploy / HCL Launch could disclose sensitive configurations and secrets to authenticated users in API responses that could be used in further attacks against the system...

6.5CVSS5.8AI score0.00379EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42552

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-56458

HCL DevOps Deploy uses Cross-Origin Resource Sharing CORS which could allow an attacker to carry out privileged actions and retrieve sensitive information as the domain name is not being limited to only trusted domains...

5.4CVSS5.9AI score0.00248EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00141EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-56459

CVE-2026-56459 affects HCL DevOps Deploy / HCL Launch. The issue: the application stores potentially sensitive information in log files, which could be read by a local user, enabling sensitive data disclosure. Details in the provided documents indicate a local-access exposure due to log handling,...

6.2CVSS5.9AI score0.00141EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-56459

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS5.9AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56765

Name of the Vulnerable Software and Affected Versions HCL DevOps Deploy / HCL Launch affected versions not specified Description HCL DevOps Deploy / HCL Launch may disclose sensitive configurations and secrets to authenticated users through API responses. This information leakage could be leverag...

6.5CVSS6.1AI score0.00379EPSS
Exploits0References5
CVE
CVE
added last week8 views

CVE-2026-56293

Capgo before 12.128.2 contains an authorization flaw in transfer_app() that fails to update deploy_history.owner_org when transferring applications between organizations. Attackers can exploit this omission to retain unauthorized access to deployment history records in the source organization or ...

5.4CVSS6AI score0.00143EPSS
Exploits0References2
Cvelist
Cvelist
added last week30 views

CVE-2026-56293 Capgo - Stale Cross-Organization Authorization via Incomplete deploy_history Update in transfer_app()

Capgo before 12.128.2 contains an authorization flaw in transferapp that fails to update deployhistory.ownerorg when transferring applications between organizations. Attackers can exploit this omission to retain unauthorized access to deployment history records in the source organization or cause...

5.4CVSS0.00143EPSS
Exploits0References2
Rows per page
Query Builder