Lucene search
K

806 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS5.7AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-27349

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPFunnels Team Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.19.5...

4.3CVSS5.5AI score0.00171EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-49754

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS5.6AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 12:16 p.m.10 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS0.00328EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/04 12:4 p.m.9 views

CVE-2026-10843 Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:4 p.m.11 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 12:4 p.m.20 views

CVE-2026-10843

OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS allow operator credentials to have account-wide permissions for destructive actions, rather than being restricted to cluster-owned resources. This enables cross-scope impact after credential compromise. The CVE-2026-10843 entry do...

7.2CVSS5.7AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 12:4 p.m.37 views

CVE-2026-10843 Cloud-credential-operator: cco mint-mode credentialsrequest manifests grant account-wide iam access beyond cluster scope on aws

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS0.00328EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/04 12:4 p.m.11 views

CVE-2026-10843

A flaw was found in the OpenShift Cloud Credential Operator Mint-mode IAM policies for AWS. Operator credentials are provisioned with account-wide scope for destructive actions rather than being restricted to cluster-owned resources, enabling cross-scope impact after credential compromise...

7.2CVSS5.8AI score0.00328EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.17 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46192

Name of the Vulnerable Software and Affected Versions OpenShift Cloud Credential Operator affected versions not specified Description A flaw exists in the Mint-mode IAM policies for AWS within the OpenShift Cloud Credential Operator. Operator credentials are provisioned with account-wide scope fo...

7.2CVSS5.4AI score0.00328EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 8:16 p.m.21 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS0.00301EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 7:8 p.m.40 views

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS0.00301EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/02 7:8 p.m.8 views

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References4
OSV
OSV
added 2026/06/02 7:8 p.m.12 views

EEF-CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme wit...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:8 p.m.9 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/02 7:8 p.m.31 views

CVE-2026-48597

The vulnerability CVE-2026-48597 affects elixir-tesla (Tesla) where Tesla.Adapter.Mint.open_conn/2 converts each outgoing request URL scheme to a BEAM atom using String.to_atom(uri.scheme) without an allow-list. Since BEAM atoms are not garbage-collected, an attacker who can influence the request...

8.2CVSS5.8AI score0.00301EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 4:16 p.m.19 views

CVE-2026-48861

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the HTTP/1...

2.1CVSS0.00166EPSS
Exploits0References4
NVD
NVD
added 2026/06/02 4:16 p.m.11 views

CVE-2026-48862

Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSHPROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote entry...

8.2CVSS0.00384EPSS
Exploits0References4
Rows per page
Query Builder