1710 matches found
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the podGCFromPod function when parsing the workflows.argoproj.io/pod-gc-strategy annotation. An attacker can cause the controller process to crash and enter a persistent crash loop by creating a...
EUVD-2026-25267
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller...
Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...
GHSA-5JV8-H7QH-RF5P Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows Controller
Summary An unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed workflows.argoproj.io/pod-gc-strategy annotation. Because the panic occurs inside an informer goroutine outside the controller's recover scope, it...
CVE-2026-40886
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886 Argo Workflows: Unchecked annotation parsing in pod informer crashes Argo Workflows controller
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod function causes a controller-wide panic when a workflow pod carries a malformed...
CVE-2026-40886
The CVE describes an unchecked array index in Argo Workflows’ pod informer, specifically in podGCFromPod(), which can cause a controller-wide panic when a workflow pod has a malformed workflows.argoproj.io/pod-gc-strategy annotation. Affected versions span 3.6.5 through 4.0.4, with the panic occu...
br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +1579 more potentially affected by CVE-2026-22751 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2026-22751 Source advisory: OSV:GHSA-X2WQ-9X2F-FHJ7...
Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007051)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007051 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy exit annotation for remove function With tpd12s015remove marked...
EUVD-2026-23293
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the...
CLSA-2026-1775817651 poppler: Fix of CVE-2025-52886
CVE-2025-52886: limit amount of annotations per document/page to prevent use-after-free via reference count overflow...
EUVD-2026-17753
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
CVE-2026-3776
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
CVE-2026-3776 Null pointer dereference in Foxit PDF Editor/Reader when accessing stamp annotation
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
CVE-2026-3776
CVE-2026-3776 is a null pointer dereference in Foxit PDF Editor/Reader when handling stamp annotations that lack appearance (AP) data. The affected code dereferences the related object without checking for null/valid AP data, allowing a crafted PDF to crash the application and cause a denial of s...
PT-2026-29436
The application does not validate the presence of required appearance AP data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a...
EUVD-2026-17042
Ghidra versions prior to 12.0.3 improperly process annotation directives embedded in automatically extracted binary data, resulting in arbitrary command execution when an analyst interacts with the UI. Specifically, the @execute annotation which is intended for trusted, user-authored comments is...