
96 matches found

SUSE CVE
added 2026/04/27 1:50 a.m. | 6 views

SUSE CVE-2009-0895

Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow...

CVSS 10 | AI score 6.5 | EPSS 0.06822
Exploits 1 | References 5
SUSE CVE
added 2026/02/24 12:24 a.m. | 3 views

SUSE CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 4
RedhatCVE
added 2026/02/22 1:28 a.m. | 6 views

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3 | AI score 5.6 | EPSS 0.00175
Exploits 0 | References 1
NVD
added 2026/02/20 10:16 p.m. | 5 views

CVE-2026-27111

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3 | EPSS 0.00175
Exploits 0 | References 2
Cvelist
added 2026/02/20 9:17 p.m. | 27 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3 | EPSS 0.00175
Exploits 0 | References 2
OSV
added 2026/02/20 9:17 p.m. | 4 views

CVE-2026-27111 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Kargo manages and automates the promotion of software artifacts. From v1.9.0 to v1.9.2, Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the abili...

CVSS 5.3 | AI score 5.6 | EPSS 0.00175
Exploits 0 | References 4
Snyk
added 2026/02/19 3:16 p.m. | 5 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization via the REST API. Kargo's authorization model fails to enforce the non-standard promote "dolphin verb" across three specific endpoints. While this sensitive operation is correctly gated in the legacy gRPC API, the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00175
Exploits 0 | References 2
OSV
added 2026/02/19 3:16 p.m. | 4 views

GHSA-5VVM-67PJ-72G4 Kargo has Missing Authorization Vulnerabilities in Approval & Promotion REST API Endpoints

Summary: Kargo's authorization model includes a promote verb -- a non-standard Kubernetes "dolphin verb" -- that gates the ability to advance Freight through a promotion pipeline. This verb exists to separate the ability to manage promotion-related resources from the ability to trigger promotions,...

CVSS 5.3 | AI score 5.9 | EPSS 0.00175
Exploits 0 | References 4
Positive Technologies
added 2026/02/19 12:0 a.m. | 7 views

PT-2026-21302

Name of the Vulnerable Software and Affected Versions: Kargo versions 1.9.0 through 1.9.2. Description: Kargo manages and automates the promotion of software artifacts. The authorization model includes a 'promote' verb intended to control access to promotion pipelines. While correctly enforced in th...

CVSS 9.9 | AI score 5.2 | EPSS 0.27661
Exploits 45 | References 115
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-5073

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.01956
Exploits 0 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-17364

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.05732
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2018-14338

Malware in sbrugna...

CVSS 4.3 | AI score 4.8 | EPSS 0.00888
Exploits 0 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-26026

Malware in sbrugna...

CVSS 8.1 | AI score 8.2 | EPSS 0.01101
Exploits 0 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-35580

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.5 | EPSS 0.0161
Exploits 0 | References 4
Cvelist
added 2025/08/27 6:47 p.m. | 8 views

CVE-2025-58050 PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS

The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the scs:... Scan SubString verb when combined with...

CVSS 6.9 | EPSS 0.00693
Exploits 1 | References 3
Positive Technologies
added 2025/08/27 12:0 a.m. | 3 views

PT-2025-34928

Name of the Vulnerable Software and Affected Versions: PCRE2 library versions prior to 10.46 Description: The PCRE2 library contains a heap-buffer-overflow read vulnerability in the regular expression matching engine. The issue occurs within the handling of the scs:... Scan SubString verb when...

CVSS 9.4 | AI score 5.9 | EPSS 0.00693
Exploits 1 | References 30
Vulnrichment
added 2024/10/08 3:21 a.m. | 11 views

CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

CVSS 4.3 | AI score 7 | EPSS 0.00293
Exploits 0 | References 2
Cvelist
added 2024/10/08 3:21 a.m. | 19 views

CVE-2024-45282 HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements)

Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations...

CVSS 4.3 | EPSS 0.00293
Exploits 0 | References 2
CVE
added 2024/10/08 3:21 a.m. | 52 views

CVE-2024-45282

CVE-2024-45282 affects SAP S/4HANA, specifically the Manage Bank Statements component and its Bank Statement Draft. Fields in the read-only state can be modified via the MERGE method, leading to integrity violations in an OData entity. Root cause: lack of protection against external modifications...

CVSS 5.3 | AI score 4.8 | EPSS 0.00293
Exploits 0 | References 2 | Affected Software 1
Packet Storm
added 2024/09/01 12:0 a.m. | 204 views

HTTP Verb Authentication Bypass Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Verb Authentication Bypass Scanner', 'Description' = %q This module test for authentication bypass using different HTTP verbs. , 'Author' =...

AI score 7.4
Exploits 0