225 matches found

NVD
added yesterday, 3 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...

9.6 CVSS
Exploits: 0, References: 6

EUVD
added yesterday, 6 views

EUVD-2026-38598

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...

9.6 CVSS, 5.9 AI score
Exploits: 0, References: 4

ATTACKERKB
added yesterday, 3 views

CVE-2026-11807

A missing authorization vulnerability was found in the Event-Driven Ansible EDA websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive...

9.6 CVSS, 5.9 AI score
Exploits: 0, References: 7

CVE
added yesterday, 9 views

CVE-2026-11807

CVE-2026-11807 affects Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint fails to verify permissions when processing Worker messages, permitting any authenticated user to forge a message with an arbitrary activation_id and access plaintext credentials tied to tha...

9.6 CVSS, 5.9 AI score
Exploits: 0, References: 6

Positive Technologies
added yesterday, 7 views

PT-2026-51585

Name of the Vulnerable Software and Affected Versions: Event-Driven Ansible (affected versions not specified). Description: A missing authorization issue exists in the websocket API. The '/api/eda/ws/ansible-rulebook' endpoint fails to verify user permissions when processing Worker messages. This allo...

9.6 CVSS, 6 AI score
Exploits: 0, References: 9

GithubExploit
added 2026/06/09 11:32 a.m., 37 views

ecommerce-poc

Event-Driven E-Commerce Saga POC This project is a small even...

5.6 AI score
Exploits: 0

GithubExploit
added 2026/05/19 2:28 p.m., 74 views

cisco-hypershield

Ansible Collection: stevefulme1.ciscohypershield Ansible Col...

9.8 CVSS, 7.5 AI score, 0.80835 EPSS
Exploits: 11

hivepro
added 2026/03/16 5:13 a.m., 5 views

Event-Driven Vulnerability Exposure Management (VEM): Why you should move beyond Human Triggers

The traditional approach to vulnerability management has long followed a familiar pattern: security teams log into their vulnerability management platforms, run scans, generate reports, analyze findings, and then prioritize remediation efforts. Rinse and repeat. While this on-demand model has...

5.9 AI score
Exploits: 0

EUVD
added 2026/02/27 9:30 a.m., 6 views

EUVD-2025-208132

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

6.7 CVSS, 5.8 AI score, 0.00167 EPSS
Exploits: 0, References: 7

CVE
added 2026/02/27 7:29 a.m., 14 views

CVE-2025-9908

The CVE-2025-9908 entry concerns Red Hat Ansible Automation Platform (AAP) Event-Driven Ansible (EDA) Event Streams. An authenticated user can exfiltrate sensitive internal headers (e.g., X-Trusted-Proxy, X-Envoy-*) and event stream URLs through crafted requests and job templates, enabling header ...

6.7 CVSS, 5.8 AI score, 0.00195 EPSS
Exploits: 0, References: 6, Affected Software: 3

Vulnrichment
added 2026/02/27 7:29 a.m., 5 views

CVE-2025-9908 Event-driven-ansible: sensitive internal headers disclosure in aap eda event streams

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers such as X-Trusted-Proxy and X-Envoy-* and event stream URLs via crafted requests and job...

6.7 CVSS, 5.8 AI score, 0.00195 EPSS
Exploits: 0, References: 6

ATTACKERKB
added 2026/02/27 7:29 a.m., 7 views

CVE-2025-9907

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

6.7 CVSS, 5.8 AI score, 0.00167 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/02/27 12:0 a.m., 7 views

PT-2025-54838

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers such as X-Trusted-Proxy and X-Envoy-* and event stream URLs via crafted requests and job...

6.7 CVSS, 5.8 AI score, 0.00195 EPSS
Exploits: 0, References: 6

Fedora
added 2026/01/31 5:32 p.m., 6 views

[SECURITY] Fedora 43 Update: nodejs20-20.20.0-2.fc43

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

9.1 CVSS, 7 AI score, 0.01056 EPSS
Exploits: 2

Fedora
added 2026/01/31 5:32 p.m., 8 views

[SECURITY] Fedora 43 Update: nodejs22-22.22.0-2.fc43

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

9.1 CVSS, 7 AI score, 0.01056 EPSS
Exploits: 2

Fedora
added 2026/01/31 5:14 p.m., 8 views

[SECURITY] Fedora 42 Update: nodejs20-20.20.0-2.fc42

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed...

9.1 CVSS, 7 AI score, 0.01056 EPSS
Exploits: 2

Cvelist
added 2025/12/22 9:35 p.m., 24 views

CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

8.2 CVSS, 0.00433 EPSS
Exploits: 0, References: 2

HackRead
added 2025/12/03 3:26 p.m., 5 views

Architecture Patterns That Enable Cycode alternatives at Scale

Guide to scale-ready code security with event-driven scans, unified data and API-first design for large teams seeking strong growth aligned control...

7.2 AI score
Exploits: 0

RedHat Linux
added 2025/10/28 7:18 p.m., 2 views

event-driven-ansible: Sensitive Internal Headers Disclosure in AAP EDA Event Streams

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Streams. This vulnerability allows an authenticated user to gain access to sensitive internal infrastructure headers such as X-Trusted-Proxy and X-Envoy-* and event stream URLs via crafted requests and job...

6.7 CVSS, 5.8 AI score, 0.00195 EPSS
Exploits: 0, References: 4

RedHat Linux
added 2025/10/28 7:18 p.m., 4 views

event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

6.7 CVSS, 5.8 AI score, 0.00167 EPSS
Exploits: 0, References: 4