37 matches found
EUVD-2026-39512
K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression...
CVE-2026-54250
K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...
PT-2026-52538
Name of the Vulnerable Software and Affected Versions K3s versions prior to 1.35.3+k3s1 K3s versions prior to 1.34.6+k3s1 K3s versions prior to 1.33.10+k3s1 Description A path traversal issue exists in the etcd snapshot decompression functionality. This occurs when an administrator restores a...
CLEANSTART-2026-UW03847 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-35469, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 1.34.2-r0, 1.35.0-r0, 1.35.3-r0, 1.35.3-r1, 1.35.3-r2
Multiple security vulnerabilities affect the kubernetes package. These issues are resolved in later releases. See references for individual vulnerability details...
agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), aiqtoolkit-semantic-kernel (>=1.1.0 <=1.2.0rc4) +4 more potentially affected by CVE-2026-26030 via semantic-kernel (>=1.0.0rc1 <=1.35.3)
semantic-kernel PYPI version =1.0.0rc1, =1.0.0, =1.1.0, =0.1.1, =0.2.0, =1.2.0, =0.0.1, =0.0.4 Source cves: CVE-2026-26030 Source advisory: SNYK:PYTHON-SEMANTICKERNEL-15323118...
CVE-2026-26012
CVE-2026-26012 affects vaultwarden (unofficial Bitwarden server in Rust). Prior to 1.35.3, a regular organization member could retrieve all ciphers within an organization via the /ciphers/organization-details endpoint, which internally uses Cipher::find_by_org and returns ciphers with CipherSyncT...
PT-2026-7721
Name of the Vulnerable Software and Affected Versions vaultwarden versions prior to 1.35.3 Description vaultwarden, an unofficial Bitwarden compatible server written in Rust, previously known as bitwarden rs, had a flaw where a standard organization member could access all ciphers within an...
Vaultwarden 安全漏洞
Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García using Rust. Versions of Vaultwarden prior to 1.35.3 contained a security vulnerability. This vulnerability stemmed from improper access control for endpoints, ciphers, and organization-details,...
CVE-2025-66460
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-66459
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...
CVE-2025-66460
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-66459
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...
CVE-2025-66458
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...
CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...
CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...
EUVD-2025-200304
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...
CVE-2025-66459
CVE-2025-66459 affects Lookyloo prior to version 1.35.3. The vulnerability is an XSS caused by unescaped/error message content that is propagated to innerHTML when a capture fails and the list of URLs includes an HTML element. Multiple connected sources (NVD, Red Hat, CVE list, OSV, CNNVD, etc.) ...
CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...