Lucene search
K

246 matches found

OSV
OSV
added 2026/06/30 6:19 p.m.5 views

GHSA-GX55-F84R-V3R7 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape

Summary Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs for runtime and builder pods. The merge logic propagated hostNetwork, hostPID, hostIPC, container privileged, and serviceAccountName from the user-supplied podsp...

9.9CVSS5.8AI score0.00274EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/05/09 8:1 a.m.28 views

xfrm: esp: avoid in-place decrypt on shared skb frags

...

8.8CVSS6AI score0.93235EPSS
Exploits31
OSV
OSV
added 2026/05/05 10:18 p.m.17 views

GHSA-JRM4-4PCF-4763 ciguard: Container image runs as root (no USER directive)

Summary The published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. ciguard is a static analyser with no need for root privileges; running as root inside a container makes any future container-runtime escape CVE more impactfu...

3CVSS5.8AI score0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 8:41 a.m.3 views

BIT-GRAFANA-2026-27877 Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/03/31 8:31 a.m.7 views

SUSE CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References11
Grafana
Grafana
added 2026/03/30 12:0 a.m.11 views

Public dashboards discloses all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources’ passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0
OSV
OSV
added 2026/03/27 3:30 p.m.5 views

GHSA-3Q27-7QJQ-P9C5 Grafana public dashboards disclose all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

6.5CVSS5.9AI score0.00309EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/27 3:30 p.m.6 views

Grafana public dashboards disclose all direct mode datasources

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/27 3:16 p.m.3 views

UBUNTU-CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/27 3:16 p.m.10 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:2 p.m.6 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/27 2:2 p.m.4 views

CVE-2026-27877

When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve...

7.5CVSS5.2AI score0.00309EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28370

Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description When using public dashboards and direct data-sources, passwords for direct data-sources are exposed even if they are not actively used in dashboards. Passwords for proxied data-sources are n...

7.5CVSS5.6AI score0.00309EPSS
Exploits0References117
Packet Storm News
Packet Storm News
added 2026/03/20 12:0 a.m.3 views

Full Network Nonlocality Based Security in Quantum Key Distribution

In the last decade research of quantum nonlocality has moved beyond the regime of standard Bell nonlocality to consider network-based experimental set-ups involving multiple independent sources. Notion of full network nonlocality has emerged as some truly network phenomena that cannot be realized...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/18 11:19 a.m.16 views

Apple patches WebKit bug that could let sites access your data

Apple has released a Background Security Improvement to patch a flaw that could allow malicious websites to bypass browser protections and access data from other sites. What is it? The patched WebKit vulnerability is described as: “A cross-origin issue in the Navigation API was addressed with...

5.4CVSS5.7AI score0.00354EPSS
Exploits2
Microsoft CVE
Microsoft CVE
added 2026/01/15 9:6 a.m.5 views

ip6_gre: make ip6gre_header() robust

...

9.8CVSS5.4AI score0.00114EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/12/23 12:0 a.m.5 views

On the Effectiveness of Instruction-Tuning Local LLMs for Identifying Software Vulnerabilities

Large Language Models LLMs show significant promise in automating software vulnerability analysis, a critical task given the impact of security failure of modern software systems. However, current approaches in using LLMs to automate vulnerability analysis mostly rely on using online API-based LL...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/14 10:9 p.m.8 views

EUVD-2024-19274

Memos' Access Tokens Stay Valid after User Password Change...

7.1CVSS6.4AI score0.00254EPSS
Exploits1References4
OSV
OSV
added 2025/11/14 10:9 p.m.3 views

GHSA-MR34-8733-GRR2 Memos' Access Tokens Stay Valid after User Password Change

Summary Access Tokens are used to authenticate application access. When a user changes their password, the existing list of Access Tokens stay valid instead of expiring. If a user finds that their account has been compromised, they can update their password. The bad actor though will still have...

7.1CVSS6.9AI score0.00254EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-6329

Malware in sbrugna...

9.8CVSS9AI score0.02505EPSS
Exploits0References2
Rows per page
Query Builder