Lucene search
+L

15 matches found

osv
osv
added 2026/07/09 12:51 p.m.2 views

OESA-2026-2918 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

7.5CVSS7AI score0.00549EPSS
Exploits0References7
osv
osv
added 2026/07/09 12:51 p.m.3 views

OESA-2026-2917 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

7.5CVSS7AI score0.00549EPSS
Exploits0References7
osv
osv
added 2026/05/19 8:4 p.m.10 views

GHSA-6X44-W3XG-HQQF Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...

9.1CVSS5.9AI score0.0026EPSS
Exploits0References9
vulnersosv
vulnersosv
added 2026/04/15 10:13 a.m.8 views

io.github.epi155:promethium-pgp-jdk5 (=0.5-B1), io.github.hWorblehat:nexus3-external-auth-plugin (=0.1.0) +220 more potentially affected by CVE-2026-3505 via org.bouncycastle:bcpg-jdk15to18 (>=1.65 <=1.82)

org.bouncycastle:bcpg-jdk15to18 MAVEN version =1.65, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-beta3, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =4.5.0-alpha2, =1.9.0, =1.9.0, =1.9.0, =1.9.0, =1.10.0 and more Source cves: CVE-2026-3505 Source advisory:...

8.7CVSS5.8AI score0.00758EPSS
Exploits0
redhatcve
redhatcve
added 2026/04/10 7:22 p.m.6 views

CVE-2026-39943

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/09 4:12 p.m.28 views

CVE-2026-39943 Directus exposes sensitive fields in revision history

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS0.0017EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/09 4:12 p.m.4 views

CVE-2026-39943

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS6AI score0.0017EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/04/09 4:12 p.m.4 views

CVE-2026-39943 Directus exposes sensitive fields in revision history

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS6AI score0.0017EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/09 4:12 p.m.3 views

CVE-2026-39943 Directus exposes sensitive fields in revision history

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.19 views

EUVD-2022-7035

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0067EPSS
Exploits0References7
prion
prion
added 2022/10/06 6:16 p.m.18 views

Hardcoded credentials

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

5CVSS7.6AI score0.0067EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2022/10/06 12:0 a.m.75 views

CVE-2022-39273 Default OAuth Authorization Server secret in FlyteAdmin

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

4.8CVSS7.8AI score0.0067EPSS
Exploits0References3
osv
osv
added 2022/10/06 12:0 a.m.45 views

CVE-2022-39273 Default OAuth Authorization Server secret in FlyteAdmin

FlyteAdmin is the control plane for the data processing platform Flyte. Users who enable the default Flyte’s authorization server without changing the default clientid hashes will be exposed to the public internet. In an effort to make enabling authentication easier for Flyte administrators, the...

4.8CVSS7.7AI score0.0067EPSS
Exploits0References5
cve
cve
added 2022/10/06 12:0 a.m.270 views

CVE-2022-39273

FlyteAdmin's CVE-2022-39273 describes a vulnerability in the default OAuth2 authorization server configuration. When ExternalAuthorizationServer is not specified, the default clientid hashes and a hardcoded hashed password in Flyte Admin (and propagated to the Propeller configmap in Helm charts) ...

7.5CVSS6.2AI score0.0067EPSS
Exploits0References3Affected Software1
vulnersosv
vulnersosv
added 2021/04/23 4:55 p.m.7 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +813 more potentially affected by CVE-2021-28168 via org.glassfish.jersey.core:jersey-common (>=3.0.0 <=3.0.18)

org.glassfish.jersey.core:jersey-common MAVEN version =3.0.0, =21.1.0, =21.1.0, =2.0.14-spark-4.0, =4.43.0, =4.48.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2021-28168 Source advisory: OSV:GHSA-C43Q-5HPJ-4CRV...

6.2CVSS6.7AI score0.00905EPSS
Exploits0
Rows per page
Query Builder