58911 matches found
CVE-2025-71373 picklescan - Remote Code Execution via operator.methodcaller Detection Bypass
picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on...
EUVD-2025-210421
picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...
CVE-2025-71367
picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...
CVE-2025-71367 picklescan - Remote Code Execution via _operator.attrgetter Detection Bypass
picklescan before 0.0.34 fails to detect operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using operator.attrgetter in reduce methods to execute arbitrary code when pickle.load processes the file...
CVE-2025-71367
CVE-2025-71367 affects picklescan before 0.0.34. The root cause is a failure to detect _operator.attrgetter calls inside pickle payloads, allowing remote attackers to craft malicious pickle files using _operator.attrgetter in reduce methods and achieve arbitrary code execution when pickle.load() ...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-Q675-QJ96-32M9 vulnerabilities
Vulnerabilities for packages: seaweedfs, seaweedfs-operator-fips, seaweedfs-fips, seaweedfs-rocksdb, seaweedfs-rocksdb-fips, seaweedfs-operator, gitlab-workhorse-ce...
CVE-2026-44162 vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
GHSA-XV9W-7V6Q-HPJH vulnerabilities
Vulnerabilities for packages: kube-logging-operator...
CVE-2026-11769
A flaw was found in the Grafana Operator. This vulnerability allows a malicious user, who can create Dashboard or LibraryPanel resources for a Grafana instance, to exploit a path traversal issue within the jsonnet data templating language. This exploitation can lead to privilege escalation and...
GHSA-XR4F-MJXJ-W6W5 OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes
Summary The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope. This issue does not affect unauthenticated users. The caller must...
GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing
Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...
GHSA-83W9-H5WV-J9XM OpenClaw: Node pairing reconnection could confuse approval scope state
Summary Node pairing reconnection could confuse approval scope state. In affected versions, a paired or reconnecting node session could mutate pairing state in a way that changed the approval scope decision. This advisory is scoped to the named feature and configuration. It does not change...
GHSA-P2FH-F5FC-44HR OpenClaw: memory-wiki ingest could read local files with operator.write scope
Summary memory-wiki ingest could read local files with operator.write scope. In affected versions, a Gateway caller with operator.write access to the plugin tool could read arbitrary local file paths instead of staying within the intended ingest sources. This advisory is scoped to the named featu...
GHSA-9R4W-JG96-92MV vulnerabilities
Vulnerabilities for packages: teleport-operator-fips, teleport, tbot...
GHSA-8XWF-RJM4-XVHV vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, opentofu-fips, envoy-gateway-fips, opentofu, ratify-fips, kgateway, rancher, tw, chaos-mesh, cert-manager-cmctl-fips, kargo, k8ssandra-client-fips, falcoctl, vcluster-fips, kube-mgmt-fips, kube-arangodb, kubescape-server-fips, cloudbeat-fips,...
GHSA-XF85-363P-868W vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, opentofu-fips, envoy-gateway-fips, opentofu, ratify-fips, kgateway, rancher, tw, chaos-mesh, cert-manager-cmctl-fips, kargo, k8ssandra-client-fips, falcoctl, vcluster-fips, kube-mgmt-fips, kube-arangodb, kubescape-server-fips, cloudbeat-fips,...
CVE-2026-50162 vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, opentofu-fips, envoy-gateway-fips, opentofu, ratify-fips, kgateway, rancher, tw, chaos-mesh, cert-manager-cmctl-fips, kargo, k8ssandra-client-fips, falcoctl, vcluster-fips, kube-mgmt-fips, kube-arangodb, kubescape-server-fips, cloudbeat-fips,...
GHSA-VH4V-2XQ2-G5CG vulnerabilities
Vulnerabilities for packages: kubescape-operator-fips, opentofu-fips, envoy-gateway-fips, opentofu, ratify-fips, kgateway, rancher, tw, chaos-mesh, cert-manager-cmctl-fips, kargo, k8ssandra-client-fips, falcoctl, vcluster-fips, kube-mgmt-fips, kube-arangodb, kubescape-server-fips, cloudbeat-fips,...