Lucene search
+L

139 matches found

osv
osv
added 2026/06/19 1:14 p.m.5 views

CVE-2026-49231 Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the upstream service. This issue affects Apache APISIX:...

2.3CVSS6AI score0.00359EPSS
Exploits0References4
github
github
added 2026/06/04 3:5 p.m.18 views

Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project

This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...

6AI score0.00047EPSS
Exploits0References5Affected Software1
osv
osv
added 2026/06/04 3:5 p.m.8 views

GHSA-M8XG-8XG9-MXHM Nuclio: Missing authorization on project write paths allows any authenticated user to modify or delete any project

This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user without membership in the target project to bypass OPA authorization checks on write paths PUT /api/projects/id, DELETE /api/projects and modify or delete any project along with all its...

8.3CVSS6AI score0.00047EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.16 views

PT-2026-46308

Name of the Vulnerable Software and Affected Versions Nuclio versions 1.15.26 and HEAD commit e185454 Description Nuclio Dashboard contains a missing authorization issue in its project management API. While the read path is correctly protected, the write paths fail to set MemberIds in the...

8.3CVSS5.9AI score0.00047EPSS
Exploits0References7
susecve
susecve
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26205

opa-envoy-plugun is a plugin to enforce OPA policies with Envoy. Versions prior to 1.13.2-envoy-2 have a vulnerability in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as...

7.1CVSS5.9AI score0.0038EPSS
Exploits0References3
nessus
nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: opa (CVE-2025-46569)

The version of opa installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-46569 advisory. - Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a...

7.4CVSS5.8AI score0.0036EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 12:34 p.m.12 views

CVE-2023-45822

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5.3CVSS7AI score0.00519EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 10:2 a.m.13 views

CVE-2011-0846

Unspecified vulnerability in the Oracle Sun Java System Access Manager Policy Agent 2.2 allows remote attackers to affect availability via unknown vectors related to Web Proxy Agent...

5CVSS6.5AI score0.01715EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/01/05 12:0 a.m.9 views

PT-2026-1334

Name of the Vulnerable Software and Affected Versions Spinnaker versions prior to 2025.1.6 Spinnaker versions prior to 2025.2.3 Spinnaker versions prior to 2025.3.0 Description Spinnaker, an open source, multi-cloud continuous delivery platform, is susceptible to server-side request forgery. This...

7.9CVSS6.6AI score0.00155EPSS
Exploits0References4
cve
cve
added 2025/10/10 10:23 p.m.21 views

CVE-2025-62159

CVE-2025-62159 affects External Secrets Operator’s BeyondTrust provider (versions 0.10.1–0.19.2). The legacy code retrieved Kubernetes secrets directly without validating namespace context or secret store type, enabling cross‑namespace secret access and security boundary violations. In version 0....

8.7CVSS6.5AI score0.00285EPSS
Exploits0References1
cvelist
cvelist
added 2025/10/10 10:23 p.m.11 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS0.00285EPSS
Exploits0References1
osv
osv
added 2025/10/10 10:23 p.m.6 views

CVE-2025-62159 External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously...

8.7CVSS6.9AI score0.00285EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-7204

Malware in sbrugna...

7.5CVSS7.6AI score0.00554EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.13 views

EUVD-2023-2711

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00519EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-5090

Malicious code in bioql PyPI...

9.2CVSS8.8AI score0.00913EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-12400

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00973EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-12557

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00973EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-6209

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01673EPSS
Exploits1References8
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6789

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.0127EPSS
Exploits1References9
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-5738

Malicious code in bioql PyPI...

7.5CVSS7.9AI score0.0097EPSS
Exploits0References6
Rows per page
Query Builder