Lucene search
+L

54 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.7 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.9 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS0.00253EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 2:7 p.m.38 views

CVE-2026-5142 Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS0.00253EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 2:7 p.m.52 views

CVE-2026-5142

CVE-2026-5142 (Foreman) : A flaw allows authenticated users with the low-privilege permission view_keypairs to bypass taxonomy scoping and download private SSH keys from other organizations by querying key pair IDs. This results in cross-tenant data exposure in multi-tenant deployments. The initi...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:7 p.m.5 views

CVE-2026-5142

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 2:7 p.m.9 views

EUVD-2026-41002

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 2:7 p.m.4 views

CVE-2026-5142 Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS6AI score0.00253EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54788

Name of the Vulnerable Software and Affected Versions foreman affected versions not specified Description Authenticated users with 'view keypairs' permission can bypass taxonomy scoping, which is a mechanism used to restrict access to resources based on organizational boundaries. This allows them...

6.5CVSS6AI score0.00253EPSS
Exploits0References10
OSV
OSV
added 2026/06/26 2:13 p.m.8 views

MAL-2026-6522 Malicious code in @epsteinlovekids483/crossmint-wallets-sdk-pentest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e43e5a418541bb3e485010eba536ecc9f1483dba866af53ff4a760684409213 Package's main entry dist/index.cjs unconditionally requires dist/shai-hulud.js at module load. On require, the code harvests installer secrets —...

5.9AI score
Exploits0References9
Cvelist
Cvelist
added 2026/05/15 4:51 p.m.47 views

CVE-2026-44714 bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS0.0027EPSS
Exploits0References3
Veracode
Veracode
added 2025/12/23 10:2 a.m.9 views

Improper Access Control

github.com/bishopfox/sliver is vulnerable to Improper Access Control. The vulnerability is due to the custom WireGuard netstack not restricting traffic between connected clients, which allows an attacker with leaked or recovered keypairs to communicate with other implants, access exposed port...

6.3CVSS5.5AI score0.00217EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-1569

Malware in sbrugna...

5.1CVSS5.2AI score0.01403EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2001-0800

Malware in sbrugna...

7.5CVSS8AI score0.01794EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2001-1361

Malware in sbrugna...

7.5CVSS8AI score0.02949EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1578

Malware in sbrugna...

8.5CVSS8.2AI score0.01151EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2023/11/07 11:44 p.m.27 views

rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency

Impact The vulnerability, known as RUSTSEC-2022-0093, impacts the ed25519-dalek crate, which is a dependency of the rusty-paseto crate. This issue arises from a "Double Public Key Signing Function Oracle Attack" affecting versions of ed25519-dalek prior to v2.0. These versions expose an unsafe AP...

6.5AI score
Exploits0References5Affected Software1
OSV
OSV
added 2023/11/02 9:47 p.m.34 views

GO-2023-2163 Curve KeyPairs fail to encrypt in github.com/nats-io/nkeys

Curve KeyPairs always use the same all-zeros key to encrypt data, and provide no security...

7.5CVSS7.4AI score0.00374EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.8 views

SUSE CVE-2019-0816

A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'...

5.1CVSS6.9AI score0.01403EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0151)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has cloud-init packages installed that are affected by multiple vulnerabilities: - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included sshdeletekeys: 0, disabling cloud-init's deletion of ssh host keys...

7.1CVSS6.2AI score0.01403EPSS
Exploits0References9
Rows per page
Query Builder