CLEANSTART-2026-UY10441 Security fixes for CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-39882, CVE-2026-39883, ghsa-hfvc-g4fc-pqhx, ghsa-w8rr-5gcm-pp58 applied in versions: 0.36.0-r0, 0.36.0-r1
Multiple security vulnerabilities affect the grafana-rollout-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass via the Rotate function. An attacker can escalate privileges and access sensitive information by submitting a sealed secret with manipulated spec.template.metadata.annotations, allowing the output to be resealed wi...
Flux-Operator security vulnerabilities
Flux-Operator is a lifecycle management software developed by ControlPlane Enterprise for Flux CD. Versions of Flux-Operator from 0.36.0 to 0.40.0 contained security vulnerabilities. These vulnerabilities stemmed from the Web UI authentication code not verifying whether the generated username and...
EUVD-2017-0017
Malware in sbrugna...
EUVD-2022-3638
Malicious code in bioql PyPI...
EUVD-2022-7106
Malicious code in bioql PyPI...
EUVD-2025-7180
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-35186
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A speciall...
CVE-2022-3971
A vulnerability was found in matrix-appservice-irc up to 0.35.1. It has been declared as critical. This vulnerability affects unknown code of the file src/datastore/postgres/PgDataStore.ts. The manipulation of the argument roomIds leads to SQL injection. Upgrading to version 0.36.0 is able to...
CVE-2022-39354
SputnikVM, also called evm, is a Rust implementation of Ethereum Virtual Machine. A custom stateful precompile can use the is_static parameter to determine if the call is executed in a static context (via STATICCALL), and thus decide if stateful operations should be done. Prior to version 0.36.0, th...
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability,...
CVE-2025-30160
Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive...
CVE-2025-30160 Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive...
PT-2025-12367
Name of the Vulnerable Software and Affected Versions: Redlib versions prior to 0.36.0. Description: A denial-of-service condition can be triggered by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore preferences form, leading to excessive memory consumption a...
Redlib code issue vulnerability
Redlib is a private front-end for Reddit open-sourced by Redlib. A code issue vulnerability exists in Redlib versions prior to 0.36.0 that stems from an attacker being able to cause a denial of service by submitting a specially crafted base2048-encoded DEFLATE decompression bomb that consumes a...
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
OPENSUSE-SU-2024:13987-1 gitoxide-0.36.0-1.1 on GA media
These are all security issues fixed in the gitoxide-0.36.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
DEBIAN-CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...
UBUNTU-CVE-2024-35186
gitoxide is a pure Rust implementation of Git. During checkout, gix-worktree-state does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. This vulnerability leads to a major loss of...