1790 matches found
ethical-hacking-security-labs
Ethical Hacking & Network Security Lab Portfolio A hands-on...
Systems-and-Cyber-Security-Coursework
CSI6SCS2526 — Systems and Cyber Security Coursework Gr...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910
The CVE-2026-39910 entry concerns STACKIT IaaS API: a missing authorization check lets an authenticated, low-privileged attacker attach arbitrary service accounts to owned virtual machines, escalating to full org compromise. The attacker can use the unvalidated PUT /servers/service-accounts endpo...
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
EUVD-2026-35128
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910 STACKIT IaaS API Privilege Escalation via Service Account Attachment
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-39910
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-46295
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...
PT-2026-47345
STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary service accounts to virtual machines they control. Attackers can exploit the unvalidated PUT...
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
CVE-2026-34177
Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden lxd/project/limits/permissions.go, which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote...
Malicious Package
Overview @cloudplatform-single-spa/vcenter-virtual-machines is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Formal Verification of Secure Encrypted Virtualization
Trusted execution environments TEEs provide a secure environment for data and code in use, ensuring that they are protected with respect to confidentiality and integrity. Virtual machine VM-based TEEs utilize virtualization technology to create isolated execution spaces that can support a complet...
NICE: A Framework for Declarative and Machine-Checkable Vulnerability Reproduction
Reproducing software vulnerabilities is fundamental to security researchers, open-source maintainers, and educators. Yet, vulnerabilities remain hard to reproduce today, and even when they can be reproduced, recreating a software environment where the vulnerability can be exploited becomes harder...
CVE-2025-35979
A flaw was found in the kernel. This vulnerability, affecting some IntelR Processors, involves shared microarchitectural predictor state that influences transient execution within VMX non-root guest operation. An unprivileged software adversary with an authenticated user can exploit this locally ...
[SECURITY] Fedora 44 Update: xen-4.21.1-3.fc44
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 43 Update: xen-4.20.3-3.fc43
This package contains the XenD daemon and xm command line tools, needed to manage virtual machines running under the Xen hypervisor...
[SECURITY] Fedora 43 Update: rust-coreos-installer-0.26.0-2.fc43
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
[SECURITY] Fedora 44 Update: rust-coreos-installer-0.26.0-2.fc44
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...