Lucene search
K

12 matches found

CVE
CVE
added 6 days ago5 views

CVE-2026-56250

Capgo before 12.128.2 is affected. The issue enables upload-scoped API keys to modify the mutable app_versions.r2_path via PostgREST, allowing retargeting of to arbitrary R2 bundle objects. An attacker can patch r2_path to point to victim objects, soft-delete the attacker-controlled version, and ...

8.7CVSS6AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42250

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS6AI score0.00258EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:8 p.m.14 views

CVE-2026-5135

CVE-2026-5135 concerns Foreman and describes a broken access control vulnerability where an authenticated user with host-edit permissions can retarget an existing lookup value override to a different host by modifying the match field via nested host attributes, effectively bypassing authorisation...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/03/21 12:42 a.m.9 views

CVE-2026-32043

OpenClaw has a TOCTOU vulnerability affecting versions before 2026.2.25 in the approval-bound system.run execution path. The cwd is validated at approval but resolved at execution time, allowing an attacker to retarget a symlinked cwd between approval and execution and bypass command restrictions...

7CVSS6.3AI score0.00099EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/21 12:42 a.m.28 views

CVE-2026-32043 OpenClaw < 2026.2.25 - Time-of-Check-Time-of-Use via Mutable Symlink in system.run cwd Parameter

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

6.5CVSS0.00099EPSS
Exploits0References3
OSV
OSV
added 2026/02/26 10:49 p.m.5 views

GHSA-465P-V42X-3FMJ Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations

This report shows a scope-widening issue in the rotate re-encrypt flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret. If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can...

4.9CVSS5.6AI score0.00352EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/26 10:49 p.m.8 views

Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations

This report shows a scope-widening issue in the rotate re-encrypt flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret. If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can...

4.9CVSS5.5AI score0.00352EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/02/26 12:50 a.m.25 views

CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

4.9CVSS0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 12:50 a.m.4 views

CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations

Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...

4.9CVSS7.2AI score0.00352EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/03 9:34 a.m.10 views

CVE-2023-37891 WordPress Exit Popups & Onsite Retargeting by OptiMonk Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin = 2.0.4 versions...

4.3CVSS7.1AI score0.00214EPSS
Exploits0References1
Akamai Blog
Akamai Blog
added 2023/03/22 2:0 p.m.13 views

Chatbots, Celebrities, and Victim Retargeting: Why Crypto Giveaway Scams Are Still So Successful

...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/03/11 8:50 p.m.31 views

HBO sued for sharing subscriber data with Facebook

HBO Max subscribers Angel McDaniel and Constance Simon filed a class-action lawsuit against HBO on Tuesday, alleging that the company has violated their privacy by sharing subscriber viewing data with Facebook. Bursor & Fisher filed the case on behalf of McDaniel and Simon. According to case...

0.9AI score
Exploits0
Rows per page
Query Builder