21400 matches found
CVE-2026-7805
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-3258. Reason: This candidate is a reservation duplicate of CVE-2026-3258. Notes: All CVE users should reference CVE-2026-3258instead of this candidate. All references and descriptions in this candidate have been removed to prevent...
CVE-2026-44544 gittuf: Policy can be rolled back to prior valid version
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544 gittuf: Policy can be rolled back to prior valid version
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
CVE-2026-44544
Summary of the vulnerability (CVE-2026-44544) : In gittuf, before version 0.14.0, an attacker with push access to the Reference State Log (RSL) could roll back the current policy to a previously trusted version by inserting an RSL entry that references an older policy. This works because policy l...
EUVD-2026-30348
gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...
MINI-96CP-V5G5-GC7H
Bulletin has no description...
MINI-6M55-CX88-P4GV
Bulletin has no description...
EUVD-2026-30322
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
CVE-2026-44504 Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)
Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...
MINI-MWMC-C375-M54V
Bulletin has no description...
CVE-2026-42457
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
EUVD-2026-30301
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-42457
vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...
CVE-2026-5798
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2026-5798 Unsafe Object Reference (IDOR) vulnerability in Stel Order
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2026-5798 Unsafe Object Reference (IDOR) vulnerability in Stel Order
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2026-5798
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
CVE-2026-5798
CVE-2026-5798 affects Stel Order v3.25.1 and earlier. The vulnerability is an unsafe object reference (IDOR) in the /app/FrontController endpoint, exploitable by manipulating the employeeID parameter in requests. An authenticated attacker could access information about any employee (e.g., first n...
EUVD-2026-30269
Unsafe object reference IDOR in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee first names, last...
MINI-FX66-RWG9-R4G2
Bulletin has no description...