
9204 matches found

Oracle linux
added 2026/04/21 12:0 a.m., 14 views

kernel security update

4.18.0-553.120.1 - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmodsigningkey.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and...

CVSS 7.8, AI score 6, EPSS 0.00171
Exploits 0
Tenable Nessus
added 2026/04/21 12:0 a.m., 6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013289)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013289 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Fix warning in trace_buffered_event_disable(). Warning happened in trace_buffered_event_disable() a...

AI score 5.7, EPSS 0.00177
Exploits 0, References 4
Snyk
added 2026/04/20 10:16 p.m., 5 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6, AI score 5.3, EPSS 0.00274
Exploits 1, References 2
Snyk
added 2026/04/20 10:16 p.m., 3 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass through the authentication process. An attacker can maintain unauthorized access to protected resources and perform actions such as reading, modifying, or creating new accounts by using previously issued bearer...

CVSS 8.6, AI score 5.3, EPSS 0.00274
Exploits 1, References 2
NVD
added 2026/04/20 9:16 p.m., 14 views

CVE-2026-32613

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

CVSS 9.9, EPSS 0.00553
Exploits 0, References 5
NVD
added 2026/04/20 9:16 p.m., 11 views

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

CVSS 9.9, EPSS 0.00606
Exploits 0, References 5
ATTACKERKB
added 2026/04/20 8:7 p.m., 4 views

CVE-2026-32613

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

CVSS 9.9, AI score 5.9, EPSS 0.00553
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2026/04/20 8:7 p.m., 7 views

CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

CVSS 9.9, AI score 5.9, EPSS 0.00553
Exploits 0, References 4
CVE
added 2026/04/20 8:7 p.m., 28 views

CVE-2026-32613

Spinnaker is affected by a security issue in its use of Spring Expression Language (SPeL) where, in versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, the SPeL context was not restricted to trusted classes, allowing FULL JVM access. This enables a user to invoke arbitrary Java classes,...

CVSS 9.9, AI score 5.9, EPSS 0.00553
Exploits 0, References 5, Affected Software 1
Cvelist
added 2026/04/20 8:7 p.m., 30 views

CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

CVSS 9.9, EPSS 0.00553
Exploits 0, References 4
Vulnrichment
added 2026/04/20 8:0 p.m., 5 views

CVE-2026-32604 Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

CVSS 9.9, AI score 6, EPSS 0.00606
Exploits 0, References 4
Snyk
added 2026/04/20 7:31 p.m., 5 views

Directory Traversal

Overview: openmage/magento-lts is a repository that is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...

CVSS 8.5, AI score 6.6, EPSS 0.00502
Exploits 1, References 3
Positive Technologies
added 2026/04/20 12:0 a.m., 9 views

PT-2026-33842

Name of the Vulnerable Software and Affected Versions: Spinnaker versions prior to 2026.1.0; Spinnaker versions prior to 2026.0.1; Spinnaker versions prior to 2025.4.2; Spinnaker versions prior to 2025.3.2. Description: An issue in the clouddriver pods allows a bad actor to execute arbitrary commands...

CVSS 9.9, AI score 6, EPSS 0.00606
Exploits 0, References 25
Positive Technologies
added 2026/04/20 12:0 a.m., 12 views

PT-2026-33843

Name of the Vulnerable Software and Affected Versions: Spinnaker versions prior to 2026.1.0; Spinnaker versions prior to 2026.0.1; Spinnaker versions prior to 2025.4.2; Spinnaker versions prior to 2025.3.2. Description: Echo uses SPeL (Spring Expression Language), a powerful expression language for the...

CVSS 9.9, AI score 5.9, EPSS 0.00553
Exploits 0, References 23
Tenable Nessus
added 2026/04/19 12:0 a.m., 6 views

Oracle Linux 8 : nodejs:20 (ELSA-2026-8339)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-8339 advisory. - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904...

CVSS 9.2, AI score 6.7, EPSS 0.26356
Exploits 5, References 5
NVD
added 2026/04/18 2:16 a.m., 4 views

CVE-2026-40490

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization headers...

CVSS 6.8, EPSS 0.00326
Exploits 0, References 5
SUSE CVE
added 2026/04/17 11:25 p.m., 4 views

SUSE CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

CVSS 7.5, AI score 6, EPSS 0.00776
Exploits 1, References 7
ATTACKERKB
added 2026/04/17 7:52 p.m., 2 views

CVE-2026-32650

Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access...

CVSS 7.5, AI score 5.7, EPSS 0.0021
Exploits 0, References 4
CVE
added 2026/04/17 7:52 p.m., 11 views

CVE-2026-32650

The CVE-2026-32650 entry applies to Anviz CrossChex Standard. The description states that an attacker can manipulate the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. This highlights a credential exposure risk ...

CVSS 7.5, AI score 5.7, EPSS 0.0021
Exploits 0, References 3, Affected Software 1
Tenable Nessus
added 2026/04/17 12:0 a.m., 4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007299)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007299 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS. When disabling aRFS under the priv->state_lock, a...

CVSS 5.5, AI score 6.3, EPSS 0.00175
Exploits 0, References 4