Lucene search
K

21 matches found

SUSE CVE
SUSE CVE
added 2026/04/28 1:34 a.m.19 views

SUSE CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.4AI score0.00281EPSS
Exploits1References3
NVD
NVD
added 2026/04/24 7:17 p.m.7 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS0.00281EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/25 3:31 p.m.5 views

EUVD-2026-15404

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 25.00.004 are vulnerable unless...

6.8CVSS5.8AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.9 views

Codra Panorama Suite 安全漏洞

Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. Version 25.00.004 of Codra Panorama Suite has a security vulnerability, which stems from improper granting of private key access permissions...

7.5CVSS5.8AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.6 views

PT-2026-27762

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 25.00.004 are vulnerable unless...

6.8CVSS5.8AI score0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/05 7:20 p.m.7 views

CVE-2025-64420 Coolify members can see private key of root user

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...

9.9CVSS6.4AI score0.00495EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-3227

Malware in sbrugna...

2.1CVSS9.2AI score0.00376EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-4681

Malware in sbrugna...

7.5CVSS6.4AI score0.01759EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-3003

Malware in sbrugna...

6.5CVSS5.6AI score0.01248EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-34666

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00474EPSS
Exploits0References4
OSV
OSV
added 2025/06/13 9:30 a.m.4 views

GHSA-4J59-VV55-Q6H3 Salt's salt.auth.pki module does not properly authenticate callers

The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...

6.4CVSS7.3AI score0.00132EPSS
Exploits0References6
OSV
OSV
added 2025/03/24 7:7 p.m.8 views

GHSA-46MP-8W32-6G94 Kyverno ignores subjectRegExp and IssuerRegExp

Summary Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Details Kyverno checks only subject and issuer fields when verifying an...

5.8CVSS7.4AI score0.00317EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/01 12:0 a.m.5 views

PT-2024-4827 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.3 Description: The issue is related to insufficient protection of registration data in the continuous integration and delivery CI/CD system, allowing a remote attacker to gain unauthorized access t...

5.3CVSS7.4AI score0.0028EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.4 views

DELL ECS Connection Manager 安全漏洞

DELL ECS Connection Manager is a software from Dell USA for managing enterprise cloud storage. A security vulnerability exists in DELL ECS Connection Manager that originates from allowing an unauthenticated attacker to access computers on the same network in an HA or cluster group via an IP...

7.5CVSS6.5AI score0.00379EPSS
Exploits0References3
Prion
Prion
added 2024/01/31 5:15 a.m.14 views

Design/Logic Flaw

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

2.6CVSS6.9AI score0.00878EPSS
Exploits0References4Affected Software2
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.6 views

HashiCorp Vault Security Breach

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault that stems from the presence of a denial of service vulnerability...

4.9CVSS6.7AI score0.00451EPSS
Exploits0References3
OSV
OSV
added 2022/02/25 3:15 p.m.4 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...

5.3CVSS6.1AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/25 3:15 p.m.6 views

CVE-2022-24334

In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...

5.3CVSS6.1AI score0.00681EPSS
Exploits0References3
CVE
CVE
added 2020/03/10 4:36 p.m.61 views

CVE-2012-1096

CVE-2012-1096 affects NetworkManager 0.9 and earlier. The flaw allows local users to access other users’ certificates or private keys when establishing a connection via a file path during addition of a new connection. This is a local-attack exposure with a confidentiality impact reported as high ...

5.5CVSS5.4AI score0.0071EPSS
Exploits0References6Affected Software1
ICS
ICS
added 2015/12/10 12:0 a.m.413 views

Advantech EKI Vulnerabilities (Update B)

OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...

10CVSS0.7AI score0.99999EPSS
Exploits216References20
Rows per page
Query Builder