CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 5 days ago•6 views

Exploits0References3

CVE-2026-41115

4.3CVSS0.00089EPSS

Exploits0References2

EUVD•added 5 days ago•7 views

EUVD-2026-33904

ATTACKERKB•added 5 days ago•7 views

CVE-2026-41115

5.8AI score0.00089EPSS

Exploits0References2Affected Software1

Vulnrichment•added 5 days ago•6 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

5.8AI score0.00089EPSS

CVE•added 5 days ago•99 views

CVE-2026-41115

Summary: CVE-2026-41115 describes an improper authorization issue in Apache Kafka related to the CONSUMER_GROUP_DESCRIBE API. The vulnerability discussion notes a discrepancy between ACLs and documented permissions, but states that the correct permission for the API is DESCRIBE GROUP and that the...

Exploits0References2Affected Software1

Cvelist•added 5 days ago•34 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

0.00089EPSS

Positive Technologies•added 5 days ago•13 views

PT-2026-45725

Name of the Vulnerable Software and Affected Versions Apache Kafka affected versions not specified Description An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' 69 API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...

Snyk•added 2026/05/27 11:20 p.m.•7 views

Exploits0References7

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

8.6CVSS6AI score0.00038EPSS

Exploits0References2

EUVD•added 2026/05/27 9:5 p.m.•7 views

EUVD-2026-32670

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

7.8CVSS6.4AI score0.00038EPSS

EUVD•added 2026/05/21 5:42 p.m.•6 views

EUVD-2026-30420

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path...

8.5CVSS5.8AI score0.00055EPSS

Exploits0References5

OSV•added 2026/05/21 5:42 p.m.•2 views

GHSA-7HH5-PRP2-MFH5 Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the ModelBuilder/Serve component stores an HMAC signing key in cleartext as a container environment variable,...

Github Security Blog•added 2026/05/21 5:42 p.m.•8 views

Exploits0References6

Cleartext storage of HMAC signing key in Amazon SageMaker Python SDK ModelBuilder/Serve path

Exploits0References6Affected Software1

Snyk•added 2026/05/21 5:42 p.m.•7 views

Cleartext Storage of Sensitive Information

Overview sagemaker-serve is a SageMaker Serve package for model serving and deployment Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the ModelBuilder/Serve component. An attacker can extract sensitive HMAC signing keys by accessing the SageMaker...

9.1CVSS6.2AI score0.00055EPSS

Exploits0References2

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42603

RedhatCVE•added 2026/05/15 7:57 p.m.•4 views

Exploits0References7

CVE-2026-8596

Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for special...