16 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.20.5
The 1.20.5 GA release of Red Hat OpenShift Pipelines Operator. For more details see product documentation. The 1.20.5 release of Red Hat OpenShift Pipelines Operator...
GHSA-VP5W-XCFC-73WF Hashicorp Vault and Vault Enterprise vulnerable to a denial of service when processing JSON
Vault and Vault Enterprise ("Vault") are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for HCSEC-2025-24 (https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/76393)...
CVE-2025-12044
CVE-2025-12044: Vault and Vault Enterprise are vulnerable to unauthenticated DoS when processing JSON due to a rate-limit regression from HCSEC-2025-24. Affected: Vault Community 1.20.3–1.20.4; Vault Enterprise 1.16.25–1.16.26, 1.19.9–1.19.10, 1.18.14–1.18.15. Fixed in Vault Community 1.21.0 and ...
PT-2025-43549
Name of the Vulnerable Software and Affected Versions: HashiCorp Vault versions prior to 1.16.27; HashiCorp Vault Enterprise versions prior to 1.16.27; HashiCorp Vault versions prior to 1.19.11; HashiCorp Vault Enterprise versions prior to 1.19.11; HashiCorp Vault versions prior to 1.20.5; HashiCorp...
EUVD-2023-53841
Malicious code in bioql PyPI...
Temporal Server Denial of Service
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
GHSA-WMXC-V39R-P9WF Temporal Server Denial of Service
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...
CVE-2024-2689
Summary: CVE-2024-2689 is a Temporal Server DoS affecting versions 1.20.5, 1.21.6 and 1.22.7 where an authenticated user with workflow permissions can submit an invalid UTF-8 string to trigger a crashloop, causing queue lag and eventual resource exhaustion. The logs may reveal the failing workflo...
PT-2023-31419 · Forgejo · Forgejo
Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL. Recommendations: For versions prior to 1.20.5-1, update to...
PT-2023-31417 · Forgejo · Forgejo
Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows remote attackers to perform unauthorized actions due to certain endpoints not checking whether an object belongs to a repository for which permissions are being checked. This...
Incorrect Privilege Assignment
Overview: std/runtime is a Go standard library package. Affected versions of this package are vulnerable to Incorrect Privilege Assignment. Go Vulnerability Report: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be...
CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
PT-2022-22908 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Import and export users and customers WordPress plugin versions prior to 1.20.5 Description: The issue concerns the improper escaping of data when exporting it via CSV files. This could potentially lead to security issues, although specific...
CVE-2013-2031
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in an SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...
Fedora 19 : mediawiki-1.20.5-1.fc19 (2013-7654)
Changes since 1.20.4 - bug 46590 Add hook AbortChangePassword to Special:ChangePassword - bug 47304 SECURITY: Check SVG xml encoding against whitelist - Localisation updates from http://translatewiki.net. - mwdocgen.php: Implement --version option. - Remove svnstat stuff used in Doxygen generatio...