Lucene search
+L

91 matches found

nvd
nvd
added yesterday4 views

CVE-2026-62378

RustFS Console is a web management console for the RustFS distributed file system. From 0.1.7 until 0.1.10, the RustFS Console components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path can render HTML content uploaded as .pdf, allowing stored...

9CVSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.14 views

PT-2026-55201

Name of the Vulnerable Software and Affected Versions SUSE Rancher Fleet versions prior to 0.15.2 SUSE Rancher Fleet versions prior to 0.14.6 SUSE Rancher Fleet versions prior to 0.13.11 SUSE Rancher Fleet versions prior to 0.12.15 Description Missing validation of valuesFrom references in the He...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References8
nvd
nvd
added 2026/06/30 8:17 p.m.6 views

CVE-2026-10134

IBM Langflow OSS 1.0.0 through 1.9.3 allows an attacker to read every secret available to the Langflow process, read and modify every flow, conversation, message, file upload, and saved component in the Langflow database, can connect to internal services, abuse cloud metadata endpoints, laterally...

10CVSS0.00314EPSS
Exploits0References1
osv
osv
added 2026/06/30 6:20 p.m.5 views

GHSA-8WCJ-MFRC-JX5Q Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Summary Fission builder pods were created with ServiceAccountName: fission-builder and no AutomountServiceAccountToken: false, so the kubelet auto-mounted the service-account token into every container in the pod — including the user-supplied builder image. Details The user controls the builder...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References6
osv
osv
added 2026/06/30 6:15 p.m.4 views

GHSA-VJHC-CF4P-72Q4 Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration

Summary Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. Details An attacker with packages.fission.io/create in their own namespace could set spec.environment.namespace to any other tenant's...

7.7CVSS5.9AI score0.00231EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.15 views

PT-2026-53956

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.9.3 Description A code injection flaw allows an unauthenticated remote attacker to gain full control over the system without user interaction. This enables the attacker to read all secrets available to...

10CVSS5.9AI score0.00314EPSS
Exploits0References7
nvd
nvd
added 2026/06/25 5:16 a.m.7 views

CVE-2026-11379

GitLab has remediated an issue in GitLab EE affecting all versions from 13.11 prior to 18.11.6, 19.0 prior to 19.0.3, and 19.1 prior to 19.1.1 in which incorrect authorization in DAST site profile management could allow a user with Developer role to exfiltrate DAST site profile secrets under...

5.3CVSS0.00188EPSS
Exploits0References2
cve
cve
added 2026/06/24 12:0 a.m.19 views

CVE-2026-49269

Apple M1 GPUs expose a cross-process register state leakage: a sandboxed Metal attacker can read stale values from another sandboxed process’s compute shader dispatches, potentially recovering a 128-bit secret that was loaded into GPU registers. In proof-of-concept, a victim app writes a fresh se...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References1
nvd
nvd
added 2026/06/12 4:16 p.m.14 views

CVE-2026-47190

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal...

4.4CVSS0.00333EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/12 2:49 p.m.12 views

CVE-2026-47190 IPAM controller service account granted unnecessary full access to Secrets

IPAM is the IP address Manager for Cluster API Provider Metal3. Prior to versions 1.11.7, 1.12.4, and 1.13.0, the IPAM controller's ClusterRole granted full CRUD permissions create, delete, get, list, patch, update, watch on core/v1 Secrets. The controller never accesses Secrets during normal...

4.4CVSS5.2AI score0.00333EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/11 6:19 p.m.30 views

CVE-2026-45178 Idira Secrets Manager Self-Hosted: Improper Access Control in Internal Cluster Endpoints

Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets or cause a denial ...

8.4CVSS0.00361EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/10 5:20 p.m.32 views

CVE-2026-46617 Fission runtime pods automount the fission-fetcher service-account token into the user function container, granting function code namespace-wide secret / configmap read

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted...

8.7CVSS0.00276EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6389

IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the operator or its service account can exfiltrate sensitive credentials,...

8.8CVSS5.5AI score0.00106EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/02 4:1 p.m.14 views

CVE-2026-45040

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References1
osv
osv
added 2026/05/28 6:35 p.m.3 views

CVE-2026-45040 RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3CVSS5.9AI score0.00152EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/28 6:35 p.m.9 views

CVE-2026-45040 RustFS: Sensitive Information Leakage (SessionToken and SecretAccessKey) in RustFS Logs [Debug Mode]

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References1
euvd
euvd
added 2026/05/28 6:35 p.m.15 views

EUVD-2026-32997

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUSTLOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References1
cve
cve
added 2026/05/28 6:35 p.m.50 views

CVE-2026-45040

RustFS (Rust-based distributed object storage) prior to version 1.0.0-beta.2 leaks sensitive credentials in logs when RUST_LOG=debug, including SessionToken (JWT), SecretAccessKey, and full JWT claims. The issue’s impact is information disclosure in server logs. Mitigation is upgrading to 1.0.0-b...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.14 views

PT-2026-44468

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST LOG=debug sensitive credentials including SessionToken JWT, SecretAccessKey, and full JWT claims are printed in...

5.3CVSS5.8AI score0.00152EPSS
Exploits0References2
cve
cve
added 2026/05/19 7:17 p.m.25 views

CVE-2026-42526

The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder