1063 matches found
Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD
Credential brokers offer a way to separate identity from access in CI/CD systems. This paper shows how verifiable identities issued at runtime, such as those from SPIFFE, can be used with brokers to enable short-lived, policy-driven credentials for pipelines and workloads. We walk through practic...
You Can’t Secure What You Can’t See: The Real Pain CAASM Solves
Let’s cut through the marketing haze for a moment. There’s a reas...
The Future of SSL Certificate Management: Adapting to Shortened Renewal Periods
The industry is evolving yet again. With the CA/Browser Forum's recent decision to reduce the maximum SSL/TLS certificate lifecycle to 47 days by 2029, the way organizations manage their certificates is going to change significantly—and sooner than most realize. This update builds on the trend of...
BIT-ARGO-WORKFLOWS-2024-53862 Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using --auth-mode=client, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: /api/v1/workflows/namespace/name or when using...
CVE-2025-26479
Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data integrity issues...
CVE-2025-26479
Dell PowerScale OneFS contains an out-of-bounds write vulnerability affecting versions 9.4.0.0 through 9.10.0.0, exploitable via NFS workflows and potentially causing data integrity issues. The issue stems from an application boundary error when processing untrusted input. Public references consi...
PT-2025-15890 · Dell · Dell Powerscale Onefs
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.4.0.0 through 9.10.0.0 Description: The issue is an out-of-bounds write vulnerability that could be exploited by an attacker in NFS workflows, potentially leading to data integrity issues. Recommendations: For...
CVE-2025-32111
CVE-2025-32111 affects the acme.sh Docker image built from a .github/workflows/dockerhub.yml workflow. The root cause is that actions/checkout lacked persist-credentials: false, potentially exposing credentials. The provided metrics indicate high impact (CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/...
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well ...
CVE-2024-29180 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-21536 vulnerabilities
Vulnerabilities for packages: argo-workflows, kubeflow-pipelines...
GHSA-C7QV-Q95Q-8V27 vulnerabilities
Vulnerabilities for packages: argo-workflows, kubeflow-pipelines...
GHSA-WR3J-PWJ9-HQQ6 vulnerabilities
Vulnerabilities for packages: argo-workflows...
CVE-2024-21536 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, argo-workflows...
CVE-2023-24531 vulnerabilities
Vulnerabilities for packages: newrelic-fluent-bit-output, argo-workflows...
GHSA-C7QV-Q95Q-8V27 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, argo-workflows...