4 matches found
CoreDNS ACL Bypass
A logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use TOCTOU flaw. Impact In multi-tenant Kubernetes clusters, this...
CVE-2026-27600 HomeBox affected by Blind SSRF
HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...
CVE-2017-18087
The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...
CVE-2017-18087
The CVE-2017-18087 entry concerns Atlassian Bitbucket Server. The download commit resource vulnerability in Bitbucket Server affects 5.1.0–5.1.7, 5.2.0–5.2.5, 5.3.0–5.3.3, and 5.4.0–5.4.1. An argument injection in the at parameter can be exploited by remote attackers to write files to disk and po...