Lucene search
K

1281 matches found

OSV
OSV
added 2026/06/29 6:2 a.m.4 views

BIT-GITLAB-2026-5796 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:16 a.m.14 views

CVE-2026-5796

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS0.00193EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 4:34 a.m.5 views

EUVD-2026-39174

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 4:34 a.m.101 views

CVE-2026-5796

GitLab CE/EE contains a fixed vulnerability (CVE-2026-5796) that could allow an authenticated user with Reporter-level group permissions to view package metadata from projects when the Package Registry is disabled. Affected versions include all 13.6.x prior to 18.11.6, 19.0.x prior to 19.0.3, and...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.80 views

CVE-2026-5796

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS5.9AI score0.00193EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:34 a.m.37 views

CVE-2026-5796 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52205

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.6 through 18.11.5 GitLab CE/EE versions 19.0 through 19.0.2 GitLab CE/EE versions 19.1 through 19.1.0 Description Incorrect authorization checks in the group packages feature allow an authenticated user with...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 4:13 a.m.8 views

MAL-2026-6369 Malicious code in hardhat-test-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 741350b4472a82c53151793b413166a5fad36af3d2d14fa1d12afba9eccb9fed Package impersonates the well-known eth-gas-reporter / hardhat-gas-reporter packages: README is titled 'eth-test-log', copies badges and contributor...

6.4AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 8:8 a.m.15 views

Malicious code in ethereum-gas-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/19 8:8 a.m.12 views

MAL-2026-6202 Malicious code in ethereum-gas-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7303c828115a527d477ea14684b3015e43fdcd36a7fa94041c16ccb3c2fbcfcc index.js line 144 contains require'chai-assert-kit' appended after the module's normal exports, with no other reference to chai-assert-kit anywhere i...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/11 12:37 a.m.8 views

CLEANSTART-2026-KV53168 Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU

Security vulnerability affects the kyverno-policy-reporter-kyverno-plugin package. Decoding a maliciously-crafted MIME header containing many invalid encoded-words can consume excessive CPU...

9.8CVSS5.5AI score0.0056EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/04 7:17 p.m.13 views

CVE-2026-40898 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-plugins-trivy-fips, kube-metrics-adapter-fips, prometheus-blackbox-exporter, kyverno-policy-reporter-plugins-trivy, k3s, syncthing, spegel, jitsucom-bulker, coredns, kyverno-policy-reporter-fips, opentelemetry-operator-fips,...

7.5CVSS6.1AI score0.00279EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/04 7:17 p.m.8 views

GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities

Vulnerabilities for packages: kyverno-policy-reporter-plugins-trivy-fips, kube-metrics-adapter-fips, prometheus-blackbox-exporter, kyverno-policy-reporter-plugins-trivy, k3s, syncthing, spegel, jitsucom-bulker, coredns, kyverno-policy-reporter-fips, opentelemetry-operator-fips,...

6.1AI score
Exploits0
Snyk
Snyk
added 2026/06/01 3:13 p.m.8 views

Malicious Package

Overview nemo-reporter is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/01 2:5 p.m.17 views

Nezha's authenticated agents can forge service-monitor results for other users' services

Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...

7.1CVSS5.8AI score0.00266EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.15 views

PT-2026-45493

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 0.20.0 through 2.0.11 Description Authenticated agents can forge service-monitor results for services belonging to other users. The system accepts TaskResult messages from an authenticated agent based solely on whethe...

7.1CVSS5.4AI score0.00266EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 6:55 p.m.11 views

GHSA-7J6W-VVW2-5F9C OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens

Impact In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response is includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...

5.3CVSS5.8AI score0.00083EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/28 8:44 a.m.12 views

Malicious code in nemo-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/28 8:44 a.m.10 views

MAL-2026-4836 Malicious code in nemo-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 42a43ec0a345170ad191fa1c25bdd4000595aa8ce733c6b9c69de6b65a1defb2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.14 views

SUSE CVE-2026-45907

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlocks between devlink and netdev instance locks In the mentioned "Fixes" commit, various work tasks triggering devlink health reporter recovery were switched to use netdevtrylock to protect against concurrent...

5.8AI score0.00118EPSS
Exploits0References3
Rows per page
Query Builder