Lucene search
K

649 matches found

CNNVD
CNNVD
added 2026/05/14 12:0 a.m.8 views

gittuf 安全漏洞

Gittuf is a cross-platform Git repository security protection tool developed by Gittuf. Versions of Gittuf prior to 0.14.0 contained security vulnerabilities. These vulnerabilities were due to a policy rollback issue, which could allow attackers to roll back the current policy to any previous...

4.9CVSS5.8AI score0.00198EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44544

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current...

4.9CVSS5.5AI score0.00198EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.9 views

LITMUS: Benchmarking Behavioral Jailbreaks of LLM Agents in Real OS Environments

The rapid proliferation of LLM-based autonomous agents in real operating system environments introduces a new category of safety risk beyond content safety: behavior jailbreak, where an adversary induces an agent to execute dangerous OS-level operations with irreversible consequences. Existing...

5.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/05/08 12:37 p.m.16 views

Zero Chaos: Scaling Detection Engineering at the Speed of Software, with Detection As Code

Every engineering team in your organization ships code through a pipeline. They branch, test, review, and deploy. If something breaks, they roll back. If someone asks "what changed?", the answer is in the commit history. This isn't heroic discipline to process; it's just how software gets built...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/07 3:34 a.m.5 views

GHSA-VXVC-CG7J-RWQJ gittuf's policy can be rolled back to prior valid versions

Summary An attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. Impact gittuf determines the policy to load by inspecting the RSL. Except for the very first policy which is automatically...

6CVSS5.7AI score0.00198EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 3:34 a.m.10 views

gittuf's policy can be rolled back to prior valid versions

Summary An attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. Impact gittuf determines the policy to load by inspecting the RSL. Except for the very first policy which is automatically...

4.9CVSS5.7AI score0.00198EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38414

Name of the Vulnerable Software and Affected Versions gittuf versions prior to 0.14.0 Description An attacker with push access to the Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. This occurs because gittuf determines the...

4.9CVSS5.8AI score0.00198EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.11 views

SUSE CVE-2026-43012

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollback will unregister the uplink netdev and leave it unregistered causin...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 8:49 p.m.6 views

GHSA-7JRR-XW9C-MJ39 Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/05 8:49 p.m.13 views

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/05 12:0 a.m.16 views

Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

6.5CVSS5.8AI score0.00299EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/04 8:8 p.m.37 views

CVE-2026-42220 nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS0.00299EPSS
Exploits1References2
CVE
CVE
added 2026/05/04 8:8 p.m.22 views

CVE-2026-42220

Nginx UI (nginx-ui) prior to version 2.3.8 exposes a vulnerability where an authenticated user can call GET /api/settings to retrieve sensitive values, including node.secret. The node.secret is accepted by AuthRequired() via the X-Node-Secret header (or node_secret query parameter), allowing the ...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-43012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollba...

5.5CVSS6.6AI score0.00122EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/01 4:24 p.m.5 views

CVE-2026-43012

A flaw was found in the Linux kernel's net/mlx5 driver. This vulnerability occurs when the switchdev mode fails to initialize or transition correctly, leading to an improper rollback to legacy mode. During this rollback, the system attempts to unregister an already unregistered uplink network...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 3:16 p.m.5 views

CVE-2026-43012

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollback will unregister the uplink netdev and leave it unregistered causin...

5.5CVSS0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 2:16 p.m.6 views

CVE-2026-3143

The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxclicancel' function in all versions up to, and including, 1.17.1. This makes it possible for...

5.3CVSS0.00257EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.4 views

CVE-2026-43012

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollback will unregister the uplink netdev and leave it unregistered causin...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/01 2:15 p.m.5 views

EUVD-2026-26611

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy mode, before this patch, rollback will unregister the uplink netdev and leave it unregistered causin...

5.8AI score0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 2:15 p.m.22 views

CVE-2026-43012

CVE-2026-43012 refers to a Linux kernel issue in the net/mlx5 driver where a failed switchdev mode rollback could cause a kernel panic during an attempted rollback to legacy mode. The public descriptions from NVD/SUSE/Red Hat detail that if switchdev mode initialization/transition fails, the code...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder