Lucene search
K

263 matches found

EUVD
EUVD
added 2026/07/02 8:42 a.m.8 views

EUVD-2026-41271

A vulnerability was discovered on StormShield Network Security 4.3.0 to 4.3.41 included, 4.8.0 to 4.8.15 included , 5.0.0 to 5.0.5 included There is a possible leak of secret information if administration commands have been passed with the CLI command line tool. Someone with SSH access to the...

4.3CVSS5.8AI score0.00212EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 9:42 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data disclosure through the ParseLiveQueryServer event serialization in...

5.1CVSS6AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 6:51 a.m.41 views

CVE-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

0.0041EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 4:16 p.m.19 views

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 3:23 p.m.10 views

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 3:23 p.m.13 views

EUVD-2026-33342

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 3:23 p.m.27 views

CVE-2026-10101

The CVE-2026-10101 issue affects the OpenShift ACM/MCE assisted-service: pull-secret validation failures cause raw referenced pull-secret content to be written into InfraEnv.status.conditions[].message. A namespace viewer with only the view ClusterRole can read InfraEnv objects and reconstruct th...

6.3CVSS5.8AI score0.00182EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44890

Name of the Vulnerable Software and Affected Versions ACM/MCE assisted-service affected versions not specified Description The assisted-service writes raw referenced pull-secret contents into the InfraEnv.status.conditions.message field when pull-secret validation fails. This allows a namespace...

6.3CVSS6AI score0.00182EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/19 3:54 p.m.12 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-41971

Name of the Vulnerable Software and Affected Versions Argo CD affected versions not specified Description An incomplete fix in the server-side diff functionality allows authenticated users to view sensitive Kubernetes Secret values. When using the argocd app diff --server-side-diff command, the...

6.3CVSS5.9AI score0.00034EPSS
Exploits0References154
GithubExploit
GithubExploit
added 2026/05/14 10:14 a.m.304 views

Lodash-CVE-poc

🔴 CVE-2019-10744 | CVE-2018-16487 | CVE-2018-3721 | CVE-2021-2...

9.1CVSS7AI score0.2241EPSS
Exploits6
SUSE CVE
SUSE CVE
added 2026/05/13 3:35 a.m.13 views

SUSE CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

4.7CVSS5.8AI score0.00425EPSS
Exploits0References9
NVD
NVD
added 2026/05/07 11:16 p.m.20 views

CVE-2026-42880

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

9.6CVSS0.00505EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/05/07 10:20 p.m.9 views

CVE-2026-42880

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

9.6CVSS5.7AI score0.00505EPSS
Exploits2References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 1:56 a.m.45 views

ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. Details Argo CD masks Secret...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/05/07 1:56 a.m.4 views

GHSA-3V3M-WC6V-X4X3 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext Kubernetes Secret data from etcd via the Kubernetes API server's Server-Side Apply dry-run mechanism. Details Argo CD masks Secret...

9.6CVSS5.8AI score0.00505EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/05/02 1:20 a.m.3 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/02 1:20 a.m.6 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS5.8AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/02 1:20 a.m.35 views

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

7.7CVSS0.00225EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/22 10:6 p.m.7 views

Malicious code in xinference (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...

5.4AI score
Exploits0References6
Rows per page
Query Builder