4 matches found

IBM Security Bulletins
added 2026/05/13 8:12 p.m., 16 views

Security Bulletin: Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Summary: Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterpris...

CVSS 8.6, AI score 5.7, EPSS 0.00332
Exploits: 0, Affected Software: 1
Cvelist
added 2026/05/07 3:55 a.m., 67 views

CVE-2026-40981

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

CVSS 7.5, EPSS 0.00435
Exploits: 0, References: 1
SUSE CVE
added 2024/06/15 2:12 a.m., 1 views

SUSE CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...

CVSS 5.4, AI score 6.8, EPSS 0.00371
Exploits: 0, References: 3
OSV
added 2022/06/15 5:15 p.m., 4 views

CVE-2022-32152

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable...

CVSS 7.2, AI score 5.8, EPSS 0.00831
Exploits: 0, References: 7