
8628 matches found

ATTACKERKB
added 2026/06/23 7:53 p.m. | 5 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/06/23 7:53 p.m. | 7 views

CVE-2026-9073

A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, which are treated as authentication credentials, at an informational level. The other, when debug...

6.2 CVSS | 5.7 AI score | 0.00152 EPSS
Exploits: 0 | References: 3
CVE
added 2026/06/23 7:40 p.m. | 7 views

CVE-2026-12112

CVE-2026-12112 affects the foreman-mcp-server MCP Server. The issue is a session management vulnerability where an improper cache of authenticated client connections allows an unauthenticated attacker to hijack active administrative sessions by trusting a non-secret session ID without re-validati...

7.8 CVSS | 5.9 AI score | 0.00153 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
NVD
added 2026/06/23 2:17 p.m. | 11 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8 CVSS | 0.00236 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/23 1:26 p.m. | 8 views

EUVD-2026-38448

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits: 0 | References: 2
Cvelist
added 2026/06/23 1:26 p.m. | 34 views

CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8 CVSS | 0.00236 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/06/23 1:26 p.m. | 8 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits: 0 | References: 3
CVE
added 2026/06/23 1:26 p.m. | 9 views

CVE-2026-10609

The vulnerability CVE-2026-10609 affects the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, enabling a delegated editor to exfiltrate...

6.8 CVSS | 5.8 AI score | 0.00236 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/23 1:26 p.m. | 7 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8 CVSS | 5.9 AI score | 0.00236 EPSS
Exploits: 0 | References: 3
Chainguard
added 2026/06/23 8:17 a.m. | 7 views

GHSA-WFPW-MMFH-QQ69 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 6 views

GHSA-WJV4-X9W8-WM3H vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 4 views

GHSA-P67V-3W7G-WJG7 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 5 views

GHSA-9CV2-CFXC-V4V2 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 5 views

GHSA-PHWJ-RPRQ-35PP vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 8 views

GHSA-8678-W3JW-XFC2 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 7 views

GHSA-5V8H-3H3Q-446P vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
Chainguard
added 2026/06/23 8:17 a.m. | 5 views

GHSA-5PRR-V3J2-97MH vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, kube-logging-operator, pact-broker-docker-fips, ruby3.2-rails, ruby3.4-rails, logstash-fips, pact-broker-docker, ruby3.3-rails...

5.9 AI score
Exploits: 0
SUSE CVE
added 2026/06/23 2:29 a.m. | 7 views

SUSE CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

7.5 CVSS | 6.1 AI score | 0.00406 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/23 12:0 a.m. | 13 views

PT-2026-51592

Name of the Vulnerable Software and Affected Versions: foreman-mcp-server (affected versions not specified). Description: Two distinct logging mechanisms in the software can expose sensitive session and authentication data. One mechanism logs session identifiers, which function as authentication...

6.2 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2026/06/23 12:0 a.m. | 9 views

PT-2026-51588

Name of the Vulnerable Software and Affected Versions: foreman-mcp-server (affected versions not specified); Red Hat Satellite (affected versions not specified). Description: A session management issue in the MCP Server allows unauthenticated attackers to hijack active administrative sessions. This occur...

7.8 CVSS | 5.9 AI score | 0.00153 EPSS
Exploits: 0 | References: 8