Lucene search
K

49 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42609

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS6.1AI score0.00263EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53024

Name of the Vulnerable Software and Affected Versions regclient affected versions not specified Description Authentication credentials for a registry may be leaked to external servers. This occurs when a malicious registry server, a malicious blob store, or a registry that fails to restrict...

6.8CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/17 5:17 p.m.16 views

CVE-2026-53872

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

8.7CVSS0.00509EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:5 p.m.12 views

CVE-2026-53872

The CVE-2026-53872 entry covers picklescan (pre-0.0.35) with an unsafe pickle deserialization flaw that allows unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. This leads to potential exposure of sensitive data (e.g., /etc/passwd) despite ...

8.7CVSS5.6AI score0.00509EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.12 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6CVSS6.9AI score0.00405EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 3:21 a.m.4 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS5.2AI score0.0056EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/24 3:21 a.m.31 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1CVSS0.0056EPSS
Exploits1References4
CVE
CVE
added 2026/04/24 3:21 a.m.19 views

CVE-2026-41323

Summary of CVE-2026-41323 : Kyverno’s ClusterPolicy apiCall feature leaks the admission controller’s ServiceAccount token by attaching it to outgoing HTTP requests without validating the target URL. This allows tokens (e.g., for the kyverno-admission-controller) to be exfiltrated to attacker-cont...

9.1CVSS5.7AI score0.0056EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/16 9:36 p.m.17 views

GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Summary Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...

8.1CVSS5.8AI score0.0056EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/15 6:31 p.m.6 views

EUVD-2026-22943

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6CVSS6.6AI score0.00405EPSS
Exploits0References2
NVD
NVD
added 2026/04/15 4:16 p.m.10 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6CVSS0.00405EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/15 12:0 a.m.5 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

6.6AI score0.00405EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/02/10 12:0 a.m.7 views

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.6 views

CVE-2021-28910

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 contains basic SSRF vulnerability. It allow unauthenticated attackers to request to any internal and external server...

7.5CVSS7.1AI score0.01166EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.3 views

TencentOS Server 4: netavark (TSSA-2025:0782)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0782 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

3.7CVSS5.5AI score0.0029EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-22934

Malicious code in bioql PyPI...

3.7CVSS6.3AI score0.0029EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2025/09/17 12:0 a.m.6 views

The Cybersecurity of a Humanoid Robot

The rapid advancement of humanoid robotics presents unprecedented cybersecurity challenges that existing theoretical frameworks fail to adequately address. This report presents a comprehensive security assessment of a production humanoid robot platform, bridging the gap between abstract security...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.5 views

PT-2025-36901

Name of the Vulnerable Software and Affected Versions: Lexmark devices affected versions not specified Description: A Server-Side Request Forgery SSRF vulnerability exists in the embedded web server of Lexmark devices. An attacker can exploit this issue to make the device send an arbitrary HTTP...

6.9CVSS6.2AI score0.0031EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/07/29 11:27 p.m.8 views

SUSE CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7CVSS6.8AI score0.0029EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/07/28 9:31 p.m.10 views

Netavark Has Possible DNS Resolve Confusion

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7CVSS7AI score0.0029EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder