12 matches found
CVE-2026-55226
When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...
PT-2026-50541
Impact When only the Topic or only the User operators are deployed as part of the Entity Operator in the Kafka custom resource, the RBAC rights are not following the principle of least-privilege and the Entity Operator ServiceAccount still has access rights corresponding to both operators. That...
PT-2026-50540
Impact Having the Topic and User operators to watch different namespaces than the one where the Kafka cluster is deployed, is a fully documented feature. When the watchedNamespace field is used within the Topic or User operator as part of the Kafka.spec.entityOperator field, the Cluster Operator...
CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability
...
CVE-2025-55226 Graphics Kernel Remote Code Execution Vulnerability
...
CVE-2025-55226
creationtimestamp| type| source ---|---|--- 2025-09-09 16:22:30+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2025-0277 2025-09-09 17:06:15+00:00| seen| https://www.thezdi.com/blog/2025/9/9/the-september-2025-security-update-review...
CVE-2024-55226
creationtimestamp| type| source ---|---|--- 2025-01-09 21:15:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113800468050519291 2025-01-09 21:16:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfdlzqb5m72m 2025-01-09 22:47:58+00:00| seen|...
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...
CVE-2024-55226
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting XSS vulnerability via the component /api/core/mod.rs...
CVE-2024-55226
Vaultwarden v1.32.5 is affected by an authenticated reflected XSS via the /api/core/mod.rs component. The CVE-2024-55226 entry has a CVSS v3.1 base score of 5.4 (Network, Low attack complexity, Privileges Required: Low, User Interaction: Required; Confidentiality/Integrity Low, Availability None)...