Lucene search
K

2051 matches found

Nuclei
Nuclei
added yesterday71 views

HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting

HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value KV raw mode. id: CVE-2020-25864 info: name: HashiCorp Consul/Consul Enterprise =1.9.4 - Cross-Site Scripting author: c-sh0 severity: medium description: | HashiCorp Consul and Consu...

6.1CVSS6.6AI score0.06095EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday100 views

Alibaba Sentinel - Server-side request forgery (SSRF)

There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter. id: CVE-2021-44139 info: name: Alibaba Sentinel - Server-side request forgery SSRF author:...

7.5CVSS7AI score0.06485EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday72 views

HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery

HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are susceptible to server-side request forgery. When redirects are returned by HTTP health check endpoints, Consul follows these HTTP redirects by default. An attacker can possibly obtain sensitive information, modify data,...

7.5CVSS6.8AI score0.08676EPSS
Exploits0References5
EUVD
EUVD
added last week6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-14362

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS0.00251EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42342

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS6AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-14362

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS6AI score0.00251EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-46590

Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager read that metadat...

8.8CVSS0.00485EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:3 a.m.15 views

CVE-2026-46590

CVE-2026-46590 (Apache Camel-PQC) describes a deserialization of untrusted data issue in the camel-pqc component. Hashicorp Vault and AWS Secrets Manager key lifecycle managers deserialize a Base64-wrapped value via java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allo...

8.8CVSS6.4AI score0.00485EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/01 8:33 p.m.13 views

CVE-2026-5051

A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...

4.4CVSS5.6AI score0.00278EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 6:16 p.m.10 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS0.00278EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5262 HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault

HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS in github.com/hashicorp/vault...

8.6CVSS5.8AI score0.00332EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5247 HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations in github.com/hashicorp/vault

HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations in github.com/hashicorp/vault...

7.5CVSS5.8AI score0.00718EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5199 HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization in github.com/hashicorp/vault

HashiCorp Vault May Expose Tokens to Auth Plugins Due to Incorrect Header Sanitization in github.com/hashicorp/vault...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/19 4:35 p.m.8 views

OpenTofu: Possible arbitrary file read during certain git operations via a maliciously crafted URL

Impact Possible data exposure. Summary While downloading packages from a maliciously crafted URL, some git operations against that URL could allow arbitrary file read. This might allow disclosure of confidential information. Details OpenTofu relies on go-getter for downloading packages like...

7.5CVSS6AI score0.00583EPSS
Exploits1References9Affected Software1
Snyk
Snyk
added 2026/06/02 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.12 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.17 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...

9.8CVSS5.6AI score
Exploits0References2
Rows per page
Query Builder