CLEANSTART-2026-UW03847 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-35469, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 1.34.2-r0, 1.35.0-r0, 1.35.3-r0, 1.35.3-r1, 1.35.3-r2

Multiple security vulnerabilities affect the kubernetes package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-CZ42417 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.35.0-r0

Multiple security vulnerabilities affect the kubernetes-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-RD43272 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.35.0-r0

Multiple security vulnerabilities affect the kubernetes-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-RZ88142 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.35.0-r0, 1.35.4-r0

Multiple security vulnerabilities affect the kubernetes-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...

CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Versions 1.41.1 and 2.41.1 contain a patch...

CVE-2026-32277

Summary: CVE-2026-32277 affects Connect-CMS Cabinet Plugin list view with a DOM-based XSS. Affected versions: 1.x series >= 1.35.0 and = 2.35.0 and

PT-2026-27229

Security Advisory — Cabinet Plugin DOM-based XSS Summary A DOM-based Cross-Site Scripting XSS issue exists in the Cabinet Plugin list view. Affected Versions - 1.x series: = 1.35.0, = 2.35.0, = 2.41.0 Patched Versions - 1.41.1 - 2.41.1 Description In the Cabinet Plugin list view, DOM-based...

OpenSource-WorkShop Connect-CMS 跨站脚本漏洞

OpenSource-WorkShop Connect-CMS is a content management system developed by the OpenSource-WorkShop company, designed for easy website creation. Versions 1.35.0 to 1.41.0 and 2.35.0 to 2.41.0 of OpenSource-WorkShop Connect-CMS contain cross-site scripting vulnerabilities. These vulnerabilities st...

CVE-2026-27801

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement

Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...

CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17

CVE-2026-26157 affecting package busybox for versions less than 1.35.0-17. A patched version of the package is available...

AZL-77606 CVE-2026-26158 affecting package busybox for versions less than 1.35.0-17

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

CVE-2022-4904 affecting package grpc 1.35.0-9

CVE-2022-4904 affecting package grpc 1.35.0-9. No patch is available currently...

CVE-2024-48909

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...

GHSA-3C32-4HQ9-6WGJ SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not

Impact Clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of CONDITIONAL with context marked as missing, even then the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in sin...

CVE-2024-48909 SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...