Lucene search
K

19 matches found

Github Security Blog
Github Security Blog
added 2026/03/16 8:45 p.m.7 views

Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace

Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod out of it. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy...

10CVSS5.8AI score0.00386EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25851

Name of the Vulnerable Software and Affected Versions Romeo versions prior to 0.2.1 Description Romeo is a tool designed to measure code coverage for Go applications within GitHub Actions. A misconfigured NetworkPolicy allows a malicious actor to move from the "hardened" namespace to any other Po...

10CVSS5.9AI score0.00386EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52760

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00604EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/24 6:13 p.m.15 views

CVE-2025-48066

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...

6CVSS6.7AI score0.00087EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/22 5:20 p.m.11 views

CVE-2025-48066 wire-webapp has no database deletion on client logout

wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletion. This is the case for both temporary...

6CVSS6AI score0.00087EPSS
Exploits0References2
CVE
CVE
added 2025/05/22 5:20 p.m.58 views

CVE-2025-48066

CVE-2025-48066 affects wire-webapp; a regression stopped the client from deleting local data on logout for both public and regular clients. Data could remain on the device, and in some cases encryption-at-rest cryptographic material could not be exported. The issue was fixed in wire-webapp versio...

6CVSS5.9AI score0.00087EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/08 3:15 p.m.11 views

CVE-2024-50378

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored...

4.9CVSS5AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/06/17 12:0 a.m.8 views

PT-2024-11972

Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.7.14 Rancher versions prior to 2.8.5 Description A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider. This...

8.8CVSS6.8AI score0.00585EPSS
Exploits0References14
Cvelist
Cvelist
added 2022/08/04 5:10 p.m.37 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.8AI score0.00604EPSS
Exploits0References1
OSV
OSV
added 2022/08/04 5:10 p.m.26 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...

8.3CVSS9.2AI score0.00604EPSS
Exploits0References3
NVD
NVD
added 2021/07/22 7:15 a.m.31 views

CVE-2021-36934

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists ACLs on multiple system files, including the Security Accounts Manager SAM database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...

7.8CVSS0.67252EPSS
Exploits11References4
NVD
NVD
added 2020/10/26 6:15 p.m.16 views

CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

9.3CVSS0.0198EPSS
Exploits1References5
OSV
OSV
added 2020/10/26 6:15 p.m.15 views

CVE-2020-15271

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

8.8CVSS8.7AI score
Exploits0References5
OSV
OSV
added 2020/10/26 6:15 p.m.18 views

PYSEC-2020-61

In lookatme python/pypi package versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "fileloader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. ...

9.3CVSS4.8AI score0.0198EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 3:7 p.m.23 views

Security Bulletin: IBM WebSphere Application Server Liberty Profile vulnerability affects IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2015-1885)

Summary WebSphere Application Server Liberty Profile that is embedded in TADDM could allow a remote attacker to gain elevated privileges on the system when OAuth grant type of password is used. Vulnerability Details CVEID: CVE-2015-1885 DESCRIPTION: WebSphere Application Server Full Profile and...

9.3CVSS0.03437EPSS
Exploits0Affected Software1
Carbon Black Blog
Carbon Black Blog
added 2017/10/03 5:0 p.m.50 views

Cb Defense October 2017 Release Speeds Up Your Response

During a response scenario, every minute counts. The faster you can complete your investigation, the faster you can start taking corrective action. That’s why this week we’re happy to announce the October 2017 update of Cb Defense, which improves search functionality within the Cb Defense console...

6.6AI score
Exploits0
myhack58
myhack58
added 2016/11/03 12:0 a.m.55 views

On the Joomla! Content management system vulnerability briefings-vulnerability warning-the black bar safety net

Recently, the national information security vulnerabilities library CNNVD received Beijing white cap Hui Technology Co., Ltd. on Joomla! Content management system there is a security bypass vulnerabilityCNNVD-2 0 1 6 1 0-7 3 9and the remote mention the right vulnerabilityCNNVD-2 0 1 6 1 0-7 4 0in...

0.5AI score
Exploits0
securityvulns
securityvulns
added 2001/08/01 12:0 a.m.33 views

Pine / IMAP bug?

I am not sure if this is a known issue but here goes: By sending a small message by directly telnetting to port 25 and doing the following I was able to crash Pine: someone@somehost telnet some.mail.server 25 Trying xxx.xxx.xxx.xxx... Connected to some.mail.server. Escape character is '^'. 220...

7AI score
Exploits0
Packet Storm
Packet Storm
added 1999/08/17 12:0 a.m.51 views

netscape4.5-nsform.tmp.txt

02-FEB-99 - http://www.skylab.org/netscape/index.html Yet another browser bug was found late last week. This time in Netscape's Communicator 4.5. The problem appears with the way Netscape handles forms. In many cases, the browser will store data entered on a FORM in C:\WINDOWS\TEMP in a NSFORM.TM...

7.4AI score
Exploits0
Rows per page
Query Builder