Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/03/06 6:4 p.m.7 views

CoreDNS ACL Bypass

A logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use TOCTOU flaw. Impact In multi-tenant Kubernetes clusters, this...

7.7CVSS5.8AI score0.00385EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/03 10:23 p.m.6 views

CVE-2026-27600 HomeBox affected by Blind SSRF

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, the notifier functionality allows authenticated users to specify arbitrary URLs to which the application sends HTTP POST requests. No validation or restriction is applied to the supplied host, IP address, or port. Although...

5CVSS6AI score0.00187EPSS
Exploits0References3
OSV
OSV
added 2018/02/15 1:29 p.m.2 views

CVE-2017-18087

The download commit resource in Atlassian Bitbucket Server from version 5.1.0 before version 5.1.7, from version 5.2.0 before version 5.2.5, from version 5.3.0 before version 5.3.3 and from version 5.4.0 before version 5.4.1 allows remote attackers to write files to disk potentially allowing them...

7.5CVSS7.4AI score0.01789EPSS
Exploits0References2
CVE
CVE
added 2018/02/15 1:0 p.m.76 views

CVE-2017-18087

The CVE-2017-18087 entry concerns Atlassian Bitbucket Server. The download commit resource vulnerability in Bitbucket Server affects 5.1.0–5.1.7, 5.2.0–5.2.5, 5.3.0–5.3.3, and 5.4.0–5.4.1. An argument injection in the at parameter can be exploited by remote attackers to write files to disk and po...

7.5CVSS8.3AI score0.01789EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder