Lucene search
K

359 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-481 praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}

Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...

9.6CVSS5.8AI score0.00032EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 8:50 p.m.3 views

CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack

Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...

8.7CVSS6AI score0.00158EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45066

Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description A vertical privilege escalation exists where a user with the lowest privilege level can promote themselves to a workspace owner. The issue occurs because the PATCH...

9.6CVSS5.8AI score0.00032EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.22 views

PT-2026-44332

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An inconsistency exists in the calculation of sub-sampled plane dimensions within the drm gem fb init with funcs function. While the framebuffer check function uses DIV ROUND UP to round up...

7.8CVSS5.9AI score0.00139EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fixed strbuf array overflow issue. The values of the variables xres and yres are stored in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters, and a space if the array...

7.8CVSS6.6AI score0.00255EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.12 views

Net::Statsd::Lite 注入漏洞

Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have a injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...

6.5CVSS5.8AI score0.00306EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 5:26 p.m.5 views

CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer

Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...

8.7CVSS5.4AI score0.00342EPSS
Exploits1References1
Wolfi
Wolfi
added 2026/04/11 2:51 a.m.12 views

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: trivy-operator, logstash-exporter, eksctl, kuberlr, opensearch-k8s-operator, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, nri-postgresql, docker-cli, grafana-rollout-operator, chart-testing, cert-manager-cmctl, s5cmd, gatekeeper,...

7.5CVSS6.9AI score0.00349EPSS
Exploits0
OSV
OSV
added 2026/04/01 9:43 a.m.8 views

CLEANSTART-2026-MQ21261 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2, 1.5.1-r3

Multiple security vulnerabilities affect the vertical-pod-autoscaler package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.00765EPSS
Exploits5References29
OSV
OSV
added 2026/03/20 3:26 p.m.8 views

OPENSUSE-SU-2026:20409-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

5.3CVSS5.8AI score0.00377EPSS
Exploits1References2
Wolfi
Wolfi
added 2026/03/03 7:48 a.m.5 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: flux-operator, trivy-operator, crossplane-provider-aws-elasticache, grafana-alloy, apko, flux-kustomize-controller, crossplane-provider-aws-sns, kube-rbac-proxy, cloud-sql-proxy, crossplane-provider-aws-cloudfront, gitlab-pages, kube-vip, opa, descheduler, sops, zot,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/03/03 7:48 a.m.7 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: flux-operator, trivy-operator, crossplane-provider-aws-elasticache, grafana-alloy, apko, flux-kustomize-controller, crossplane-provider-aws-sns, kube-rbac-proxy, cloud-sql-proxy, crossplane-provider-aws-cloudfront, gitlab-pages, kube-vip, opa, descheduler, sops, zot,...

7.5CVSS7AI score0.00501EPSS
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.6 views

GHSA-8FJ7-8H3W-XWFM vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, kubo-fips, cg, telegraf, flux-operator-fips, external-dns, cloud-sql-proxy-fips, kyverno-policy-reporter-fips, crossplane-provider-aws-iam, apko, crossplane-provider-aws-backup, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-lambd...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/03/03 7:17 a.m.10 views

CVE-2026-27141 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, kubo-fips, cg, telegraf, flux-operator-fips, external-dns, cloud-sql-proxy-fips, kyverno-policy-reporter-fips, crossplane-provider-aws-iam, apko, crossplane-provider-aws-backup, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-lambd...

7.5CVSS7AI score0.00501EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.16 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager, gomplate, logstash-exporter, src-fingerprint, kuberlr, opensearch-k8s-operator, gops, grafana-alloy, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, octo-sts, flux-kustomize-controller, terraform-provider-googl...

8.6CVSS7AI score0.00472EPSS
Exploits0
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.27 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager, gomplate, logstash-exporter, src-fingerprint, kuberlr, opensearch-k8s-operator, grafana-alloy, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, octo-sts, flux-kustomize-controller, terraform-provider-google,...

10CVSS6.8AI score0.00765EPSS
Exploits1
Wolfi
Wolfi
added 2026/02/10 1:48 p.m.11 views

GHSA-H355-32PF-P2XM vulnerabilities

Vulnerabilities for packages: prometheus-alertmanager, gomplate, logstash-exporter, src-fingerprint, kuberlr, opensearch-k8s-operator, grafana-alloy, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, octo-sts, flux-kustomize-controller, terraform-provider-google,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/02/10 1:17 p.m.15 views

CVE-2025-61732 vulnerabilities

Vulnerabilities for packages: velero-plugin-for-csi-fips, otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, velero-plugin-for-gcp, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, hivemind, kubernetes-csi-livenessprobe, kube-conformance, spark-operator,...

8.6CVSS7AI score0.00472EPSS
Exploits0
Chainguard
Chainguard
added 2026/02/10 1:17 p.m.11 views

CVE-2025-68121 vulnerabilities

Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, kubernetes-csi-livenessprobe, spark-operator, kube-conformance, chartmuseum, kiali, kyverno-policy-reporter-fips, mcp-grafan...

10CVSS6.8AI score0.00765EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/10 1:17 p.m.7 views

GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: velero-plugin-for-csi-fips, otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, velero-plugin-for-gcp, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, hivemind, kubernetes-csi-livenessprobe, kube-conformance, spark-operator,...

6.1AI score
Exploits0
Rows per page
Query Builder