Lucene search
K

802 matches found

OSV
OSV
added 2026/06/26 2:55 a.m.8 views

MAL-2026-6498 Malicious code in dttfdsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ae565bed85ec0db27f1ff658c7e9491591ce40edc56f423cd8b1122bc209c69c package.json declares a postinstall script that runs automatically on npm install. The script walks the entire filesystem with find to locate databas...

5.8AI score
Exploits0References7
NVD
NVD
added 2026/06/24 2:17 p.m.8 views

CVE-2026-57294

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57294

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57294

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57295

A cross-site request forgery CSRF vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00128EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38775

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.99 views

CVE-2026-57294

CVE-2026-57294 affects Jenkins EC2 Fleet Plugin version 4.2.3.539.v8fedff2a_81c3 and earlier, where a missing permission check allows an attacker with Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, potentially capturi...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.4 views

openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References7
Ubuntu
Ubuntu
added 2026/06/16 1:45 p.m.11 views

USN-8433-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.8AI score0.00446EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.14 views

CVE-2026-10177

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS5.4AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/05/31 12:30 p.m.3 views

GHSA-HCHG-QM84-CJ9P Aider has an SSRF vulnerability through its AWS EC2 Metadata Endpoint

A security vulnerability has been detected in Aider-AI Aider 0.86.3.dev. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit...

6.3CVSS5.9AI score0.00209EPSS
Exploits0References8
CVE
CVE
added 2026/05/31 10:15 a.m.30 views

CVE-2026-10177

CVE-2026-10177 affects Aider-AI Aider 0.86.3, specifically the function requests.get in api_docs.py within the AWS EC2 Metadata Endpoint component. The issue enables a server-side request forgery (SSRF) and is exploitable remotely. Public disclosure has occurred, with the vulnerability categorize...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/31 10:15 a.m.36 views

CVE-2026-10177 Aider-AI Aider AWS EC2 Metadata Endpoint api_docs.py requests.get server-side request forgery

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file apidocs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS0.00209EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.13 views

Aider 代码问题漏洞

Aider is an open-source terminal AI pair programming tool developed by Aider AI. Version 0.86.3 of Aider contains a code vulnerability. This vulnerability stems from the requests.get operation in the apidocs.py file of the AWS EC2 Metadata Endpoint, which leads to server-side request forgeing...

6.5CVSS6.6AI score0.00209EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.18 views

PT-2026-45187

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/05/22 3:46 p.m.14 views

CVE-2026-43001

A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied projectid for an EC2-type credential was not validated against the project of the authenticating...

8CVSS5.8AI score0.00446EPSS
Exploits1References5
NVD
NVD
added 2026/05/11 7:16 p.m.20 views

CVE-2026-42864

FireFighter is an incident management application. Prior to 0.0.54, the POST /api/v2/firefighter/raid/jirabot endpoint CreateJiraBotView is reachable without authentication permissionclasses = permissions.AllowAny. Its attachments payload is fetched server-side via httpx.get with no URL validatio...

9.9CVSS0.00272EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.10 views

OpenStack Keystone has an Incorrect Authorization Issue

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00446EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/05/01 9:16 a.m.3 views

PYSEC-2026-602

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00446EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/01 12:0 a.m.8 views

EUVD-2026-26488

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

7.9CVSS5.8AI score0.00446EPSS
Exploits1References2
Rows per page
Query Builder