
4 matches found

RedhatCVE
added 2025/12/16 5:2 a.m. | 5 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

CVSS: 6 | AI score: 6 | EPSS: 0.00315
Exploits: 0 | References: 3
SUSE CVE
added 2025/10/02 11:22 p.m. | 2 views

SUSE CVE-2025-59538

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00549
Exploits: 1 | References: 3
Cvelist
added 2025/10/01 9:9 p.m. | 8 views

CVE-2025-59538 Argo CD is Vulnerable to Unauthenticated Remote DoS via malformed Azure DevOps git.push webhook

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are not set in the default configuration, the /api/webhook endpoi...

CVSS: 7.5 | EPSS: 0.00549
Exploits: 1 | References: 2
Snyk
added 2025/09/30 6:32 p.m. | 2 views

Improper Check or Handling of Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check or Handling of Exceptional Conditions in the /api/webhook endpoint. An attacker can cause the server process to crash by sending an Azure DevOps Push event with an empty resource.refUpdates array. Note: This is only...

CVSS: 8.7 | AI score: 6.9 | EPSS: 0.00549
Exploits: 1 | References: 3