GHSA-W8RR-5GCM-PP58 vulnerabilities
Vulnerabilities for packages: cg, opentelemetry-collector-contrib-fips, cloudprober, beats-fips, kubescape-operator-fips, keda, caddy, gitlab-cng-fips, spicedb, cerbos-fips, datadog-agent-fips, kubescape, headlamp-fips, loki, opentelemetry-collector-fips, argo-workflows-fips, spicedb-fips,...
CVE-2026-39882 vulnerabilities
Vulnerabilities for packages: cg, opentelemetry-collector-contrib-fips, cloudprober, beats-fips, kubescape-operator-fips, keda, caddy, gitlab-cng-fips, spicedb, cerbos-fips, datadog-agent-fips, kubescape, headlamp-fips, loki, opentelemetry-collector-fips, argo-workflows-fips, spicedb-fips,...
BIT-MINIO-2026-33419 MinIO: LDAP login brute-force via user enumeration and missing rate limit
MinIO is a high-performance object storage system. Prior to 2026.03.17, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration,...
CVE-2026-33419
MinIO AIStor STS endpoint AssumeRoleWithLDAPIdentity is vulnerable to LDAP credential brute-forcing due to username enumeration via distinguishable error responses and no rate limiting. An unauthenticated attacker can enumerate LDAP usernames and perform unlimited password guesses to obtain tempo...
GHSA-JV87-32HW-HH99 MinIO LDAP login brute-force via user enumeration and missing rate limit
Impact. MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence ...
CVE-2026-23759
Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c'...
CVE-2026-23759
CVE-2026-23759 affects Perle IOLAN STS/SCS terminal server models with firmware earlier than 6.0. The issue is an authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell's handling of the ps subcommand does not sanitize arguments, passing user-supplied p...
CVE-2019-16791
In postfix-mta-sts-resolver before 0.5.1, all users can receive an incorrect response from the daemon under rare conditions, resulting in a downgrade of the effective STS policy...
Exploit for CVE-2025-62506
CVE-2025-62506 Vulnerability Verification Script. Chinese: https...
EUVD-2020-0149
Malware in sbrugna...
EUVD-2018-11648
Malware in sbrugna...
SUSE CVE-2025-52477
Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...
GO-2025-3779 Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app
Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens in github.com/octo-sts/app...
GHSA-H3QP-HWVR-9XCQ vulnerabilities
Vulnerabilities for packages: octo-sts...
CVE-2025-52477 vulnerabilities
Vulnerabilities for packages: octo-sts...
CVE-2025-52477
Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error lo...
GHSA-H3QP-HWVR-9XCQ Octo STS Unauthenticated SSRF by abusing fields in OpenID Connect tokens
Summary Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Please upgrade to v0.5.3 to resolve this issue. Th...