Lucene search
+L

103 matches found

osv
osv
added 6 days ago1 views

MINI-VPC7-XPGQ-3G9H

Bulletin has no description...

6.1CVSS6.1AI score0.00182EPSS
Exploits0
osv
osv
added 2026/07/09 1:16 p.m.2 views

SUSE-RU-2026:2816-1 Recommended update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build, python-google-cloud-compute, python-google-cloud-core, python-google-cloud-dns, python-google-cloud-domains, python-google-cloud-iam, python-google-cloud-kms, python-google-cloud-kms-inventory, python-google-cloud-logging, python-google-cloud-run, python-google-cloud-secret-manager, python-google-cloud-service-directory, python-google-cloud-spanner, python-google-cloud-storage, python-google-cloud-vpc-access, python-google-crc32c, python-google-resumable-media, python-googleapis-common-protos, python-grpc-google-iam-v1, python-grpc-interceptor, python-mmh3, python-mypy, python-opentelemetry-resourcedetector-gcp, python-poetry-core, python-proto-plus, python-pytest-asyncio, python-syrupy, python-typed-ast, python-uritemplate, python-dnspython, python-trio, python-websocket-client

This update for python-aioresponses, python-google-api-core, python-google-api-python-client, python-google-auth, python-google-auth-httplib2, python-google-cloud-appengine-logging, python-google-cloud-artifact-registry, python-google-cloud-audit-log, python-google-cloud-build,...

7CVSS6.8AI score0.01857EPSS
Exploits1References4
cgr
cgr
added 2026/06/26 8:22 p.m.19 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: external-secrets-operator-fips, crossplane-provider-azure-synapse, gh, falcoctl, ko-fips, flux-source-controller-fips, spire-server, gitlab-workhorse-ce, grype-fips, crossplane-provider-azure-powerbidedicated, opentofu, zitadel, commercial-grafana, prometheus,...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/26 8:22 p.m.9 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: external-secrets-operator-fips, crossplane-provider-azure-synapse, gh, falcoctl, ko-fips, flux-source-controller-fips, spire-server, gitlab-workhorse-ce, grype-fips, crossplane-provider-azure-powerbidedicated, opentofu, zitadel, commercial-grafana, prometheus,...

6.1AI score
Exploits0
nvd
nvd
added 2026/06/22 6:16 p.m.14 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 5:18 p.m.4 views

CVE-2026-54288

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the request's Content-Length header to decide whether a body is within the limit. On AWS Lambda API Gateway v1/v2, ALB, VPC Lattice, and Lambda@Edge the body is...

6.5CVSS5.8AI score0.00103EPSS
Exploits0References2Affected Software1
snyk
snyk
added 2026/06/16 2:8 p.m.10 views

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the AWS Lambda adapter's handling of multiple Set-Cookie headers. An attacker can cause clients to drop or misinterpret cookies by triggering...

6.9CVSS5.9AI score0.00186EPSS
Exploits0References2
github
github
added 2026/06/16 2:8 p.m.16 views

hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Summary On AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes for example Expires dates, clients cannot split the value back into individual cookies and...

5.3CVSS5.3AI score0.00186EPSS
Exploits0References2Affected Software1
ibm
ibm
added 2026/06/03 3:56 p.m.14 views

Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality (CVE-2026-9839)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM USERS functionality CVE-2026-9839 Vulnerability Details CVEID:CVE-2026-9839 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to privilege escalation when using RESTORE SYSTEM...

5.8AI score
Exploits0Affected Software1
qualysblog
qualysblog
added 2026/06/02 4:0 p.m.34 views

The HazyBeacon Protocol – How Malware Weaponizes Amazon Web Services (AWS) Lambda Function URLs

Key Takeaways HazyBeacon CL-STA-1020 targets Southeast Asian government networks by abusing AWS Lambda Function URLs configured with AuthType: NONE as stealth command-and-control relays. Attackers use stolen IAM credentials to deploy Lambda functions that proxy malware communications through...

5.7AI score
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-15732

Malware in sbrugna...

7.8CVSS7.6AI score0.01738EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-50703

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00081EPSS
Exploits0References1
ossf
ossf
added 2025/08/14 6:52 p.m.5 views

Malicious code in @epc-infra/vpc-stack (npm)

The package @epc-infra/vpc-stack was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.3 views

MAL-2025-7840 Malicious code in @epc-infra/vpc-stack (npm)

The package @epc-infra/vpc-stack was found to contain malicious code...

7.2AI score
Exploits0
redhatcve
redhatcve
added 2025/05/23 6:51 a.m.6 views

CVE-2024-12236

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

6.8CVSS6.9AI score0.00081EPSS
Exploits0References1
wizblog
wizblog
added 2025/03/20 12:0 p.m.24 views

How to use the new CloudTrail network activity events for AWS VPC Endpoints

Learn how AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration...

7.3AI score
Exploits0
nvd
nvd
added 2024/12/18 4:15 a.m.12 views

CVE-2024-12432

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generatekey' function not producing a sufficiently random value. This makes it possible for authenticated...

8.1CVSS0.00546EPSS
Exploits0References2
cvelist
cvelist
added 2024/12/11 8:57 a.m.22 views

CVE-2024-12004 WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajaxupdateordernote function. This makes it possible for unauthenticated attackers to injec...

6.1CVSS0.002EPSS
Exploits0References4
nvd
nvd
added 2024/12/10 3:15 p.m.26 views

CVE-2024-12236

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

6.8CVSS0.00081EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/10 3:7 p.m.6 views

CVE-2024-12236 Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration

A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further...

6.8CVSS6.9AI score0.00081EPSS
Exploits0References1
Rows per page
Query Builder