Lucene search
K

9204 matches found

OSV
OSV
added 2026/04/21 2:53 p.m.9 views

GHSA-69RW-45WJ-G4V6 Spinnaker: RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

9.9CVSS5.9AI score0.00553EPSS
Exploits0References8
EUVD
EUVD
added 2026/04/21 2:48 p.m.4 views

EUVD-2026-23963

Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths...

9.9CVSS5.8AI score0.00606EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/21 2:48 p.m.8 views

Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

9.9CVSS5.7AI score0.00606EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/21 2:48 p.m.6 views

GHSA-X3J7-7PGJ-H87R Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

9.9CVSS6.1AI score0.00606EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/21 1:57 p.m.7 views

Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)

Summary There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application CVE-2026-1002 Vulnerability Details CVEID:CVE-2026-1002 DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...

6.9CVSS5.7AI score0.00343EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/04/21 1:22 p.m.10 views

CLSA-2026-1776777715 gstreamer1-plugins-good: Fix of 2 CVEs

CVE-2026-3083, CVE-2026-3085: disable rtpqdm2depay element to fix heap buffer overflow and out-of-bounds write via crafted RTP payloads...

8.8CVSS7.5AI score0.00828EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/21 12:47 p.m.6 views

CVE-2026-39388

A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with disablebinding=true, the system incorrectly verifies the presented mTLS mutual Transport Layer Security certificate. This vulnerability allow...

3.1CVSS5.7AI score0.00101EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/21 12:16 p.m.5 views

SUSE CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

3.1CVSS5.7AI score0.00101EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 7:16 a.m.4 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS0.0023EPSS
Exploits0References8
NVD
NVD
added 2026/04/21 1:16 a.m.4 views

CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

3.1CVSS0.00101EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 1:16 a.m.5 views

DEBIAN-CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.5AI score0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:43 a.m.2 views

CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

2CVSS5.7AI score0.00101EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 12:43 a.m.5 views

CVE-2026-39388 OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

2CVSS5.7AI score0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 12:43 a.m.19 views

CVE-2026-39388

OpenBao (open source identity-based secrets management) prior to version 2.5.3 contains a flaw in the Certificate authentication method: when a token renewal is requested with disable_binding=true, the system attempts to verify that the presented mTLS certificate matches the original. Due to inco...

3.1CVSS5.7AI score0.00101EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/21 12:43 a.m.3 views

CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

3.1CVSS5.5AI score0.00101EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/21 12:17 a.m.15 views

CVE-2026-39378 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/21 12:17 a.m.4 views

CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.5AI score0.00306EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011122)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011122 advisory. In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab There's issue as follows when do fault injection: WARNING: CPU: 1...

5.8AI score0.00191EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...

8.2CVSS5.8AI score0.00105EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010870)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010870 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on private memory access All normal kernel memory is TDX...

5.5CVSS6.3AI score0.0014EPSS
Exploits0References4
Rows per page
Query Builder