77 matches found
Exploit for CVE-2025-0133
CVE-2025-0133 Palo Alto PAN-OS reflected XSS in the GlobalPro...
Exploit for CVE-2025-69600
CVE-2025-69600 - author: Rafael José Núñez Gulías - com...
SUSE CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
GO-2026-4385 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access in github.com/akuity/kargo
Kargo's GetConfig and RefreshResource API endpoints allow unauthenticated access in github.com/akuity/kargo...
CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Impact A bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty Bearer token value, regardless of validity. This vulnerability did allow for exfiltration of...
GHSA-W5WV-WVRP-V5M5 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Impact A bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty Bearer token value, regardless of validity. This vulnerability did allow for exfiltration of...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the GetConfig and RefreshResource API endpoints. An attacker can access sensitive configuration data or trigger excessive reconciliations by sending requests with any non-empty Bearer token in the Authorizati...
CVE-2026-24748
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
EUVD-2026-4736
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
CVE-2026-24748 Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the GetConfig API endpoint. This allowed unauthenticated users to access this endpoint by specifying an Authorization header with any non-empty...
PT-2026-5025
Name of the Vulnerable Software and Affected Versions Kargo versions prior to 1.8.7 Kargo versions prior to 1.7.7 Kargo versions prior to 1.6.3 Description Kargo is a tool for managing and automating the promotion of software artifacts. A flaw in authentication checks on the GetConfig API endpoin...
Kargo security vulnerabilities
Kargo is an open-source continuous delivery tool developed by Akuity. Versions of Kargo prior to 1.8.7, 1.7.7, and 1.6.3 contained security vulnerabilities. These vulnerabilities stemmed from defects in the authentication checks for the GetConfig and RefreshResource API endpoints, which could all...
PT-2025-50267
Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 has an issue allowing unauthenticated access to system configuration files. Remote attackers can obtain sensitive system configuration files through a direct object reference. The...
EUVD-2022-49813
Malicious code in bioql PyPI...
CVE-2025-56706
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution RCE vulnerability via the Object parameter in the openwrtgetConfig function...