Lucene search
K

78 matches found

Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.14 views

PT-2025-54837

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test headers field when an event stream is in test mode. The possible outcome...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.16 views

event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.13 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS7AI score0.19396EPSS
Exploits11References7
RedHat Linux
RedHat Linux
added 2025/10/28 7:18 p.m.5 views

event-driven-ansible: Event Stream Test Mode Exposes Sensitive Headers in AAP EDA

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible EDA Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the testheaders field when an event stream is in test mode. The possible outcome...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/28 12:0 a.m.12 views

Red Hat Ansible Automation Platform Information Disclosure Vulnerability

Red Hat Ansible Automation Platform Red Hat AAP is a unified solution for strategic automation from Red Hat, Inc. An information disclosure vulnerability exists in Red Hat Ansible Automation Platform Red Hat AAP that originates from an access restriction that can be bypassed via Event Stream Test...

6.7CVSS5.8AI score0.00167EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-7302

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00462EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-1934

Malicious code in bioql PyPI...

7.1CVSS6.8AI score0.0043EPSS
Exploits0References2
OSV
OSV
added 2025/02/12 7:15 p.m.4 views

UBUNTU-CVE-2025-0937

Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...

7.1CVSS5.8AI score0.0043EPSS
Exploits0References3
OSV
OSV
added 2025/02/12 6:59 p.m.5 views

CVE-2025-0937 Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace

Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...

7.1CVSS7AI score0.0043EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/12 6:59 p.m.17 views

CVE-2025-0937 Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace

Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...

7.1CVSS7AI score0.0043EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/12 6:59 p.m.18 views

CVE-2025-0937 Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace

Nomad Community and Nomad Enterprise "Nomad" event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces...

7.1CVSS0.0043EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2025/02/12 6:33 p.m.7 views

Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace

Summary Nomad Community and Nomad Enterprise “Nomad” event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces. This vulnerability, identified as CVE-2025-0937, is fixed in Nomad Community Edition 1.9.6 and Nomad Enterprise 1.9.6, 1.8.10, and...

7.1CVSS7AI score0.0043EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2022/12/06 5:58 p.m.36 views

CVE-2022-23466 DOM-based cross-site scripting (XSS) in teler dashboard

teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...

5.4CVSS5.4AI score0.00384EPSS
Exploits0References2
OSV
OSV
added 2022/12/06 3:36 p.m.24 views

GHSA-XR7P-8Q82-878Q teler dashboard vulnerable to DOM-based cross-site scripting (XSS)

Description teler prior to version = 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact This only affects authenticated...

3.1CVSS5AI score0.00384EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/12/06 3:36 p.m.20 views

teler dashboard vulnerable to DOM-based cross-site scripting (XSS)

Description teler prior to version = 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting XSS in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard are not sanitized. Impact This only affects authenticated...

5.4CVSS5AI score0.00384EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2022/12/06 12:0 a.m.5 views

Kitabisa Teler 跨站脚本漏洞

Kitabisa Teler is a software from the Kitabisa team for implementing intrusion detection and threat alerts based on web logs. A cross-site scripting vulnerability exists in versions prior to Kitabisa Teler 2.0.0-rc.4, which stems from the fact that log data displayed on the dashboard is not clean...

5.4CVSS5.3AI score0.00384EPSS
Exploits0References3
NVD
NVD
added 2022/11/10 6:15 a.m.22 views

CVE-2022-3867

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...

4.3CVSS0.00462EPSS
Exploits0References1
OSV
OSV
added 2022/11/10 6:15 a.m.36 views

UBUNTU-CVE-2022-3867

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...

4.3CVSS5.7AI score0.00462EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/10 5:45 a.m.32 views

CVE-2022-3867 Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...

2.7CVSS4.8AI score0.00462EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/10 5:45 a.m.9 views

CVE-2022-3867 Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2...

2.7CVSS4.5AI score0.00462EPSS
Exploits0References1
Rows per page
Query Builder