33 matches found
CVE-2026-57953
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...
EUVD-2026-40138
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...
CVE-2026-57953
The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: frankenphp-8.4, skaffold, cilium, prometheus-elasticsearch-exporter, traefik-fips, kubescape-server-fips, kubernetes, osv-scanner, skaffold-fips, keda-fips, coder, minio-fips, elastic-agent-fips, chisel, knative-serving, backup-restore-operator, chisel-fips,...
GHSA-78H2-9FRX-2JM8 vulnerabilities
Vulnerabilities for packages: sqlexporter-fips, crossplane-provider-gcp-fips, cilium, xeol-fips, cert-manager-istio-csr-fips, grype-fips, cerbos, tempo-fips, gatus, restic, kyverno-policy-reporter-plugins-kyverno, vexctl, conftest-fips, minio-fips, step-ca-fips, elastic-agent-fips,...
Konica Bizhub Multifunction Printers Server-Side Request Forgery (CVE-2024-51981)
An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...
CVE-2019-11466
In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access...
EUVD-2009-0425
Malware in sbrugna...
EUVD-2019-3139
Malware in sbrugna...
EUVD-2024-54701
Malicious code in bioql PyPI...
CVE-2025-47906 vulnerabilities
Vulnerabilities for packages: kubernetes-dashboard-fips, nvidia-nsight-compute-12.9, karpenter, secrets-store-csi-driver-provider-aws-fips, k8sgpt-operator, configmap-reload-fips, mattmoor-chainit, git-lfs, sftpgo-plugin-geoipfilter, falco, blobfuse2, gostatsd, vexctl, openbao-k8s-fips,...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: kubernetes-dashboard-fips, nvidia-nsight-compute-12.9, karpenter, secrets-store-csi-driver-provider-aws-fips, k8sgpt-operator, configmap-reload-fips, mattmoor-chainit, git-lfs, sftpgo-plugin-geoipfilter, falco, blobfuse2, gostatsd, vexctl, openbao-k8s-fips,...
CVE-2024-51981
An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...
CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.
An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...
CVE-2024-51981
CVE-2024-51981 describes an unauthenticated SSRF via a CLRF injection that can be exploited during a WS-Eventing SOAP subscription (WS-Addressing). The issue allows an attacker to control all HTTP data sent in the SSRF connection but cannot receive data from the connection, enabling network-bound...
GO-2023-2388 eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github...
GHSA-99JV-8292-2HPM eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
GHSA-V7HC-87JC-QRRR eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout which could lead do a DDoS attack, where a large group of users send requests to the server causing the server to hang for long enough to deny it from being available to other users, also know as a Slowloris...