Lucene search
K

33 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-57953

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS0.00249EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 5:21 p.m.6 views

EUVD-2026-40138

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:21 p.m.11 views

CVE-2026-57953

The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: frankenphp-8.4, skaffold, cilium, prometheus-elasticsearch-exporter, traefik-fips, kubescape-server-fips, kubernetes, osv-scanner, skaffold-fips, keda-fips, coder, minio-fips, elastic-agent-fips, chisel, knative-serving, backup-restore-operator, chisel-fips,...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/04/03 7:17 p.m.8 views

GHSA-78H2-9FRX-2JM8 vulnerabilities

Vulnerabilities for packages: sqlexporter-fips, crossplane-provider-gcp-fips, cilium, xeol-fips, cert-manager-istio-csr-fips, grype-fips, cerbos, tempo-fips, gatus, restic, kyverno-policy-reporter-plugins-kyverno, vexctl, conftest-fips, minio-fips, step-ca-fips, elastic-agent-fips,...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/21 12:0 a.m.5 views

Konica Bizhub Multifunction Printers Server-Side Request Forgery (CVE-2024-51981)

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS8.4AI score0.00822EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.8 views

CVE-2019-11466

In Couchbase Server 6.0.0 and 5.5.0, the eventing service exposes system diagnostic profile via an HTTP endpoint that does not require credentials on a port earmarked for internal traffic only. This has been remedied in version 6.0.1 and now requires valid credentials to access...

5.3CVSS6.9AI score0.01106EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2009-0425

Malware in sbrugna...

7.5CVSS6.4AI score0.02043EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-3139

Malware in sbrugna...

5.3CVSS5.6AI score0.01106EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.31 views

EUVD-2024-54701

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00822EPSS
Exploits0References6
Chainguard
Chainguard
added 2025/09/20 1:30 p.m.6 views

CVE-2025-47906 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-fips, nvidia-nsight-compute-12.9, karpenter, secrets-store-csi-driver-provider-aws-fips, k8sgpt-operator, configmap-reload-fips, mattmoor-chainit, git-lfs, sftpgo-plugin-geoipfilter, falco, blobfuse2, gostatsd, vexctl, openbao-k8s-fips,...

6.5CVSS6.5AI score0.00489EPSS
Exploits1
Chainguard
Chainguard
added 2025/09/20 1:30 p.m.6 views

GHSA-GWRF-JF3H-W649 vulnerabilities

Vulnerabilities for packages: kubernetes-dashboard-fips, nvidia-nsight-compute-12.9, karpenter, secrets-store-csi-driver-provider-aws-fips, k8sgpt-operator, configmap-reload-fips, mattmoor-chainit, git-lfs, sftpgo-plugin-geoipfilter, falco, blobfuse2, gostatsd, vexctl, openbao-k8s-fips,...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2025/06/25 8:15 a.m.3 views

CVE-2024-51981

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS7.2AI score0.00822EPSS
Exploits0References10Affected Software46
Vulnrichment
Vulnrichment
added 2025/06/25 7:23 a.m.7 views

CVE-2024-51981 Unauthenticated Server Side Request Forgery (SSRF) via WS-Eventing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, and Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a blind server side request forgery SSRF, due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control al...

5.3CVSS7.5AI score0.00822EPSS
Exploits0References10
CVE
CVE
added 2025/06/25 7:23 a.m.23 views

CVE-2024-51981

CVE-2024-51981 describes an unauthenticated SSRF via a CLRF injection that can be exploited during a WS-Eventing SOAP subscription (WS-Addressing). The issue allows an attacker to control all HTTP data sent in the SSRF connection but cannot receive data from the connection, enabling network-bound...

5.3CVSS7.5AI score0.00822EPSS
Exploits0References10
OSV
OSV
added 2024/08/21 2:30 p.m.4 views

GO-2023-2388 eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github

eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations in knative.dev/eventing-github...

6.9AI score
Exploits0References5
OSV
OSV
added 2023/12/08 9:57 p.m.12 views

GHSA-99JV-8292-2HPM eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations

Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬...

7.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/12/08 9:57 p.m.13 views

eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations

Impact The eventing-gitlab cluster-local server doesn't set ReadHeaderTimeout‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬...

7.1AI score
Exploits0References4Affected Software1
OSV
OSV
added 2023/12/06 7:19 p.m.8 views

GHSA-V7HC-87JC-QRRR eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations

Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬...

7.1AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/12/06 7:19 p.m.16 views

eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations

Impact The eventing-github cluster-local server doesn't set ReadHeaderTimeout‬‭ which could lead do a DDoS‬ ‭attack, where a large group of users send requests to the server causing the server to hang‬ ‭for long enough to deny it from being available to other users, also know as a Slowloris‬...

7.1AI score
Exploits0References6Affected Software1
Rows per page
Query Builder