89 matches found
GHSA-F5MR-Q85P-6HH6 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kyverno, kyverno-notation-aws, ratify, kots, aactl, undock, witness, buildah, gitsign, kubescape, podman, skopeo, slsa-verifier, zarf, tekton-chains, falcoctl...
CVE-2026-49478 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kyverno, kyverno-notation-aws, ratify, kots, aactl, undock, witness, buildah, gitsign, kubescape, podman, skopeo, slsa-verifier, zarf, tekton-chains, falcoctl...
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: kargo, prometheus, argo-events, cilium-cli, pulumi-kubernetes-operator, terragrunt, gatus, crossplane-provider-aws-lambda, traefik, kubernetes-dashboard, sops, kyverno, docker-cli-buildx, rancher, wal-g, opentelemetry-collector, crossplane-provider-azure-authorizatio...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: kargo, prometheus, argo-events, cilium-cli, pulumi-kubernetes-operator, terragrunt, gatus, kubernetes-dashboard, sops, kyverno, docker-cli-buildx, rancher, wal-g, opentelemetry-collector, crossplane-provider-azure-authorization, gomplate, docker, policy-controller,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: prometheus, argo-events, cilium-cli, pulumi-kubernetes-operator, terragrunt, kubernetes-dashboard, kyverno, docker-cli-buildx, rancher, opentelemetry-collector, gomplate, act, snyk-cli, kubescape, step, dagger, go-discover, flux-image-automation-controller, teleport,...
CVE-2026-10056
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
EUVD-2026-33262
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
CVE-2026-10056
CVE-2026-10056 – Nx Witness VMS : A CORS misconfiguration in the REST API (pre-6.1.2) running in Standard security mode on Linux/Windows allows an unauthenticated attacker to exfiltrate a user session token and perform Administrator Account Takeover via a malicious cross-origin page. The High sec...
Network Optix Nx Witness VMS 安全漏洞
Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...
PT-2026-44762
CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...
midnight-ownpublickey-attack
Bounty 295: Why ownPublicKey Can't Be Trusted for Access...
CVE-2026-44714
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...
CVE-2026-44714 bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...
CVE-2026-44714
CVE-2026-44714 affects the bitcoinj Java library prior to 0.17.1. The issue lives in ScriptExecution.correctlySpends() and creates two fast-path verification bugs for P2PKH and native P2WPKH spends. In both paths, the code validates an attacker-controlled signature/public-key pair but does not ve...
GHSA-HFCF-V2F8-X9PC bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass
Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...
PT-2026-39293
Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...
CVE-2026-39984 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, ratify, tflint, cosign, zot, neuvector-sigstore-interface, trivy-operator, buildkitd, kyverno, docker-cli-buildx, vexctl, docker, policy-controller, ko, zarf, aactl, skaffold, goreleaser, gitsign, kubescape, tkn, flux-source-controller, gh,...
GHSA-XM5M-WGH2-RRG3 vulnerabilities
Vulnerabilities for packages: kyverno-notation-aws, ratify, tflint, cosign, zot, neuvector-sigstore-interface, trivy-operator, buildkitd, kyverno, docker-cli-buildx, vexctl, docker, policy-controller, ko, zarf, aactl, skaffold, goreleaser, gitsign, kubescape, tkn, flux-source-controller, gh,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: gitlab-kas-fips, kaf, tkn, aws-flb-cloudwatch, commercial-chainloop-cli, kbld, libnvidia-container, sonobuoy, commercial-grafana, kubernetes, crossplane, mesosphere-vsphere-csi-fips, ingress-nginx-controller, traefik-fips, xeol-fips, crossplane-fips, k9s-fips, task,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: gitlab-kas-fips, kaf, tkn, aws-flb-cloudwatch, commercial-chainloop-cli, kbld, libnvidia-container, sonobuoy, commercial-grafana, kubernetes, crossplane, mesosphere-vsphere-csi-fips, ingress-nginx-controller, traefik-fips, xeol-fips, crossplane-fips, k9s-fips, task,...