Lucene search
K

402 matches found

OSV
OSV
added 2026/05/18 5:39 a.m.6 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/18 12:59 a.m.24 views

[SECURITY] Fedora 43 Update: valkey-8.1.7-1.fc43

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

8.8CVSS5.8AI score0.02995EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/05/17 6:52 p.m.112 views

kv-cache-side-channel-poc

KV Cache Side-Channel: Cross-Tenant Timing Oracle Proof of co...

5.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.13 views

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

...

6.5CVSS5.8AI score0.00225EPSS
Exploits0
NVD
NVD
added 2026/05/14 6:16 p.m.14 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS0.00225EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 p.m.14 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/14 5:1 p.m.20 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/14 5:1 p.m.8 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

4.3CVSS5.6AI score0.00225EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 6:30 p.m.8 views

GHSA-MF8F-X4R3-JM8C Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Horovod contains an insecure deserialization vulnerability in its KVStore HTTP server component

Horovod thru 0.28.1 contains an insecure deserialization vulnerability CWE-502 in its KVStore HTTP server component. The KVStore server, used for distributed task coordination, lacks authentication and authorization controls, allowing any remote attacker to write arbitrary data via HTTP PUT...

9.8CVSS6.4AI score0.00687EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.13 views

Horovod 安全漏洞

Horovod is a distributed training framework developed by Horovod OpenSource, based on TensorFlow, Keras, PyTorch, and Apache MXNet. Horovod versions 0.28.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authentication and authorization controls in the...

9.8CVSS6.2AI score0.00687EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/01 3:12 a.m.6 views

[SECURITY] Fedora 44 Update: openbao-2.5.3-1.fc44

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS5.4AI score0.00651EPSS
Exploits1
Fedora
Fedora
added 2026/05/01 3:6 a.m.8 views

[SECURITY] Fedora 43 Update: openbao-2.5.3-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

7.5CVSS5.4AI score0.00651EPSS
Exploits1
Snyk
Snyk
added 2026/04/27 6:19 p.m.7 views

Use of Uninitialized Resource

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Uninitialized Resource via the hasmambalayers function in the KV Block Handler. An attacker can cause unintended behavior by leaking data...

6.3CVSS6.2AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 11:16 a.m.8 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

8.8CVSS0.00667EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:59 a.m.8 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

9.8CVSS8.6AI score0.01145EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2026/04/27 9:59 a.m.31 views

CVE-2026-27172

CVE-2026-27172 affects Apache Camel, Camel-Catalog: the ConsulRegistry reads Java-serialized values from the Consul KV store and deserializes them via ObjectInputStream.readObject() without an ObjectInputFilter. An attacker with write access to the backing KV store can inject a malicious serializ...

8.8CVSS6.3AI score0.00667EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/27 9:59 a.m.36 views

CVE-2026-27172 Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

0.00667EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35393

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2AI score0.00667EPSS
Exploits1References2
Rows per page
Query Builder