21 matches found
SUSE CVE-2026-41414
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...
CVE-2026-41414
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...
EUVD-2026-15404
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 25.00.004 are vulnerable unless...
Codra Panorama Suite 安全漏洞
Codra Panorama Suite is an industrial process monitoring software platform developed by the French company Codra. Version 25.00.004 of Codra Panorama Suite has a security vulnerability, which stems from improper granting of private key access permissions...
PT-2026-27762
When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 25.00.004 are vulnerable unless...
CVE-2025-64420 Coolify members can see private key of root user
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions prior to and including v4.0.0-beta.434, low privileged users are able to see the private key of the root user on the Coolify instance. This allows them to ssh to the server and...
EUVD-2014-3227
Malware in sbrugna...
EUVD-2007-4681
Malware in sbrugna...
EUVD-2018-3003
Malware in sbrugna...
EUVD-2022-34666
Malicious code in bioql PyPI...
GHSA-4J59-VV55-Q6H3 Salt's salt.auth.pki module does not properly authenticate callers
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
GHSA-46MP-8W32-6G94 Kyverno ignores subjectRegExp and IssuerRegExp
Summary Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Details Kyverno checks only subject and issuer fields when verifying an...
PT-2024-4827 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.03.3 Description: The issue is related to insufficient protection of registration data in the continuous integration and delivery CI/CD system, allowing a remote attacker to gain unauthorized access t...
DELL ECS Connection Manager 安全漏洞
DELL ECS Connection Manager is a software from Dell USA for managing enterprise cloud storage. A security vulnerability exists in DELL ECS Connection Manager that originates from allowing an unauthenticated attacker to access computers on the same network in an HA or cluster group via an IP...
Design/Logic Flaw
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...
HashiCorp Vault Security Breach
HashiCorp Vault is a private key access management tool from the US-based HashiCorp. A security vulnerability exists in HashiCorp Vault that stems from the presence of a denial of service vulnerability...
CVE-2022-24334
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...
CVE-2022-24334
In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server...
CVE-2012-1096
CVE-2012-1096 affects NetworkManager 0.9 and earlier. The flaw allows local users to access other users’ certificates or private keys when establishing a connection via a file path during addition of a new connection. This is a local-attack exposure with a confidentiality impact reported as high ...
Advantech EKI Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-15-344-01A Advantech EKI Vulnerabilities that was published December 15, 2015, on the NCCIC/ICS-CERT web site. --------- Begin Update B Part 1 of 3 -------- HD Moore of Rapid7 identified several vulnerabilities in...