Lucene search
K

1848 matches found

NVD
NVD
added 2026/06/02 2:17 p.m.16 views

CVE-2026-9844

Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology RabbitMQ Management interface modules allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before 2.4.1...

8.8CVSS0.00239EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

Roche Diagnostics navify Digital Pathology 安全漏洞

Roche Diagnostics navify Digital Pathology is an enterprise-level digital pathology software platform developed by Roche Diagnostics for the management and collaboration of pathological images. Versions 2.0.0 to 2.4.1 of Roche Diagnostics navify Digital Pathology contained security vulnerabilitie...

8.8CVSS5.3AI score0.00239EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 6:20 p.m.8 views

Incomplete List of Disallowed Inputs

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the NodeVM builtin allowlist in lib/builtin.js. An attacker can read host-process state by supplying a sandb...

8.2CVSS5.9AI score0.00308EPSS
Exploits0References2
OSV
OSV
added 2026/05/29 6:20 p.m.11 views

GHSA-9G8X-92Q2-P28F NodeVM observability builtins leak host process and HTTP request data

Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...

8.2CVSS5.8AI score0.00308EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 6:20 p.m.15 views

NodeVM observability builtins leak host process and HTTP request data

Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 12:54 p.m.12 views

CVE-2026-45555 Roslyn CodeLens MCP Server: Untrusted Roslyn Analyzer Execution via get_diagnostics Leads to Arbitrary Code Execution

Roslyn CodeLens MCP Server is a Roslyn-based MCP server providing semantic code intelligence for .NET codebases. From 0.0.9 to 1.17.0, the getdiagnostics MCP tool loads and executes all DiagnosticAnalyzer assemblies referenced by the target solution without any allowlist, signature check, or user...

7.8CVSS6.4AI score0.00143EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 12:54 p.m.25 views

CVE-2026-45555

Summary : The Roslyn CodeLens MCP Server (MCP) processes Diagnostics via get_diagnostics, loading all DiagnosticAnalyzer assemblies in the target solution without any allowlist, signature check, or user confirmation. From versions 0.0.9–1.17.0, this enables arbitrary code execution in the MCP ser...

7.8CVSS6.4AI score0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Roslyn CodeLens MCP Server 安全漏洞

Roslyn CodeLens MCP Server is a Roslyn-based .NET code library tool for deep semantic analysis, developed by Marcel Roozekrans. Versions of Roslyn CodeLens MCP Server from 0.0.9 to 1.17.0 contain security vulnerabilities. These vulnerabilities stem from the getdiagnostics tool, which loads and...

7.8CVSS6.1AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.12 views

PT-2026-45023

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.4 Description NodeVM exposes process-wide observability builtins when they are permitted via require.builtin. Specifically, the diagnostics channel, async hooks, and perf hooks modules are not included in the dangero...

6.9CVSS5.3AI score0.00308EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 11:35 a.m.12 views

Malicious code in clawpro-diagnostics-metrics-cls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/25 11:35 a.m.14 views

MAL-2026-4527 Malicious code in clawpro-diagnostics-metrics-cls (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d176cad00849132cb8df7ca53ac064e1980cea09bfe9b25836a78b4719b08ea The package's dist/index.js contains hardcoded HTTP POST calls targeting http://metadata.tencentyun.com along with reads of process.platform and...

5.8AI score
Exploits0References1
Fedora
Fedora
added 2026/05/21 11:21 p.m.13 views

[SECURITY] Fedora 44 Update: cockpit-362-1.fc44

The Cockpit Web Console enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more...

8CVSS7AI score0.01016EPSS
Exploits0
Snyk
Snyk
added 2026/05/20 7:7 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.9 views

GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.21 views

PT-2026-42386

Kong Ingress Controller for Kubernetes KIC: Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 7:28 p.m.9 views

GHSA-3278-C88V-XRH4 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 7:28 p.m.18 views

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

5.8AI score
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-42362

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

4.9CVSS5.8AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 2:12 p.m.7 views

CVE-2026-41959 iControl and tmsh REST vulnerability

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
Rows per page
Query Builder