Lucene search
K

2004 matches found

Nuclei
Nuclei
added 8 hours ago73 views

Puppet Server/PuppetDB - Sensitive Information Disclosure

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...

7.5CVSS7AI score0.07884EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-8804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the...

6.7CVSS6AI score0.00082EPSS
Exploits0References3
NVD
NVD
added 2026/07/03 8:16 a.m.8 views

CVE-2026-8804

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS0.00082EPSS
Exploits0References1
OSV
OSV
added 2026/07/03 8:16 a.m.3 views

UBUNTU-CVE-2026-8804

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS6.1AI score0.00082EPSS
Exploits0References3
CVE
CVE
added 2026/07/03 7:40 a.m.22 views

CVE-2026-8804

The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...

6.7CVSS5.9AI score0.00082EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 7:40 a.m.8 views

EUVD-2026-41516

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS5.9AI score0.00082EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/03 7:40 a.m.43 views

CVE-2026-8804 Cleartext Storage of Sensitive Information for Puppet Resource API

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS0.00082EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/03 7:40 a.m.8 views

CVE-2026-8804

Puppet resourceapi shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache. Affected versions of th...

6.7CVSS5.9AI score0.00082EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55507

Name of the Vulnerable Software and Affected Versions resource api versions 1.5.0 through 1.9.1 resource api version 2.0.0 Puppet Core versions prior to 8.20.0 Puppet Enterprise 2023.8 versions prior to 2023.8.10 Puppet Enterprise 2025 versions prior to 2025.11.0 Description The resource api does...

6.7CVSS5.9AI score0.00082EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/07 6:0 p.m.31 views

Important: Red Hat Security Advisory: Satellite 6.16.8 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.2AI score0.00812EPSS
Exploits3References14
The Hacker News
The Hacker News
added 2026/04/05 5:7 a.m.9 views

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant. "Every package...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: puppet (CVE-2015-1029)

The version of puppet installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-1029 advisory. - The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlie...

6.5CVSS5.6AI score0.01647EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 11:29 a.m.8 views

CVE-2021-27026

A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged...

4.4CVSS6.7AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.8 views

CVE-2020-7944

In Continuous Delivery for Puppet Enterprise CD4PE before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report...

7.7CVSS7AI score0.00859EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 5:3 a.m.10 views

Code Injection

org.jenkins-ci.plugins.workflow, puppet-enterprise-pipeline is vulnerable to code injection The vulnerability is due to unsafe values specified in the custom Script Security whitelist, which allows an attacker with the ability to execute Script Security-protected scripts to execute arbitrary code...

9.9CVSS7.7AI score0.0192EPSS
Exploits0References3Affected Software1
Redos
Redos
added 2025/12/03 12:0 a.m.15 views

ROS-20251203-02

A vulnerability in the Pulpcore component of the Pulp software package management platform Pulp is related to with a bug in the puppet-pulpcore configuration when using Gunicorn versions prior to 22.0. Exploitation of this vulnerability could allow an attacker acting remotely to bypass the...

9.8CVSS9.4AI score0.00814EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/10 12:0 a.m.5 views

RHEL 8 / 9 : Satellite 6 Client Bug Fix Update (Moderate) (RHSA-2025:17693)

The remote Redhat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:17693 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

8.7CVSS7.6AI score0.01429EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/10/09 5:21 p.m.9 views

Moderate: Red Hat Security Advisory: Satellite 6 Client Bug Fix Update

Updated Satellite Client packages that fix several bugs are now available for Red Hat Satellite. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.7CVSS6.9AI score0.01429EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/10/08 7:24 p.m.10 views

Important: Red Hat Security Advisory: Satellite 6.16.5.4 Async Update

A new release is now available for Red Hat Satellite 6.16 for RHEL 8 and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS7.5AI score0.15602EPSS
Exploits5References8
RedHat Linux
RedHat Linux
added 2025/10/08 7:6 p.m.17 views

Important: Red Hat Security Advisory: Satellite 6.17.5 Async Update

A new release is now available for Red Hat Satellite 6.17 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS7.2AI score0.15602EPSS
Exploits5References11
Rows per page
Query Builder