Lucene search
K

89 matches found

Wolfi
Wolfi
added 2026/07/01 8:21 p.m.16 views

GHSA-F5MR-Q85P-6HH6 vulnerabilities

Vulnerabilities for packages: flux-source-controller, kyverno, kyverno-notation-aws, ratify, kots, aactl, undock, witness, buildah, gitsign, kubescape, podman, skopeo, slsa-verifier, zarf, tekton-chains, falcoctl...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.14 views

CVE-2026-49478 vulnerabilities

Vulnerabilities for packages: flux-source-controller, kyverno, kyverno-notation-aws, ratify, kots, aactl, undock, witness, buildah, gitsign, kubescape, podman, skopeo, slsa-verifier, zarf, tekton-chains, falcoctl...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.15 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: kargo, prometheus, argo-events, cilium-cli, pulumi-kubernetes-operator, terragrunt, gatus, crossplane-provider-aws-lambda, traefik, kubernetes-dashboard, sops, kyverno, docker-cli-buildx, rancher, wal-g, opentelemetry-collector, crossplane-provider-azure-authorizatio...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.8 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: kargo, prometheus, argo-events, cilium-cli, pulumi-kubernetes-operator, terragrunt, gatus, kubernetes-dashboard, sops, kyverno, docker-cli-buildx, rancher, wal-g, opentelemetry-collector, crossplane-provider-azure-authorization, gomplate, docker, policy-controller,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.6 views

GHSA-F5WC-C3C7-36MC vulnerabilities

Vulnerabilities for packages: prometheus, argo-events, cilium-cli, pulumi-kubernetes-operator, terragrunt, kubernetes-dashboard, kyverno, docker-cli-buildx, rancher, opentelemetry-collector, gomplate, act, snyk-cli, kubescape, step, dagger, go-discover, flux-image-automation-controller, teleport,...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/29 9:16 a.m.15 views

CVE-2026-10056

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:4 a.m.16 views

EUVD-2026-33262

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:4 a.m.19 views

CVE-2026-10056

CVE-2026-10056 – Nx Witness VMS : A CORS misconfiguration in the REST API (pre-6.1.2) running in Standard security mode on Linux/Windows allows an unauthenticated attacker to exfiltrate a user session token and perform Administrator Account Takeover via a malicious cross-origin page. The High sec...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Network Optix Nx Witness VMS 安全漏洞

Network Optix Nx Witness VMS is a video management system developed by the American company Network Optix. Versions of Network Optix Nx Witness VMS prior to version 6.1.2 contained security vulnerabilities. These vulnerabilities were caused by incorrect CORS configurations in the REST API, which...

7.5CVSS5.9AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44762

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/19 1:30 a.m.104 views

midnight-ownpublickey-attack

Bounty 295: Why ownPublicKey Can't Be Trusted for Access...

6.2AI score
Exploits0
NVD
NVD
added 2026/05/15 5:16 p.m.46 views

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS0.0027EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 4:51 p.m.7 views

CVE-2026-44714 bitcoinj: ScriptExecution P2PKH/P2WPKH Verification Bypass

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 4:51 p.m.25 views

CVE-2026-44714

CVE-2026-44714 affects the bitcoinj Java library prior to 0.17.1. The issue lives in ScriptExecution.correctlySpends() and creates two fast-path verification bugs for P2PKH and native P2WPKH spends. In both paths, the code validates an attacker-controlled signature/public-key pair but does not ve...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 5:43 p.m.48 views

GHSA-HFCF-V2F8-X9PC bitcoinj has a ScriptExecution P2PKH/P2WPKH Verification Bypass

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39293

Summary ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify tha...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References7
Wolfi
Wolfi
added 2026/04/17 1:48 a.m.13 views

CVE-2026-39984 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, ratify, tflint, cosign, zot, neuvector-sigstore-interface, trivy-operator, buildkitd, kyverno, docker-cli-buildx, vexctl, docker, policy-controller, ko, zarf, aactl, skaffold, goreleaser, gitsign, kubescape, tkn, flux-source-controller, gh,...

5.5CVSS7AI score0.00099EPSS
Exploits0
Wolfi
Wolfi
added 2026/04/17 1:48 a.m.14 views

GHSA-XM5M-WGH2-RRG3 vulnerabilities

Vulnerabilities for packages: kyverno-notation-aws, ratify, tflint, cosign, zot, neuvector-sigstore-interface, trivy-operator, buildkitd, kyverno, docker-cli-buildx, vexctl, docker, policy-controller, ko, zarf, aactl, skaffold, goreleaser, gitsign, kubescape, tkn, flux-source-controller, gh,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: gitlab-kas-fips, kaf, tkn, aws-flb-cloudwatch, commercial-chainloop-cli, kbld, libnvidia-container, sonobuoy, commercial-grafana, kubernetes, crossplane, mesosphere-vsphere-csi-fips, ingress-nginx-controller, traefik-fips, xeol-fips, crossplane-fips, k9s-fips, task,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.10 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: gitlab-kas-fips, kaf, tkn, aws-flb-cloudwatch, commercial-chainloop-cli, kbld, libnvidia-container, sonobuoy, commercial-grafana, kubernetes, crossplane, mesosphere-vsphere-csi-fips, ingress-nginx-controller, traefik-fips, xeol-fips, crossplane-fips, k9s-fips, task,...

5.5CVSS6.2AI score0.0029EPSS
Exploits0
Rows per page
Query Builder