19094 matches found

RedhatCVE
added yesterday, 6 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

CVSS 6.8, AI score 5.9
Exploits: 0, References: 3

Chainguard
added yesterday, 5 views

GHSA-4Q63-MR2M-57HF vulnerabilities

Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...

AI score 5.8
Exploits: 0

Chainguard
added yesterday, 5 views

GHSA-25MH-HP8X-CGRV vulnerabilities

Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...

AI score 5.8
Exploits: 0

Chainguard
added yesterday, 6 views

CVE-2024-33394 vulnerabilities

Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...

CVSS 5.9, AI score 6.3, EPSS 0.00324
Exploits: 0

Chainguard
added yesterday, 4 views

GHSA-VJHF-6XFR-5P9G vulnerabilities

Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...

AI score 5.8
Exploits: 0

Chainguard
added yesterday, 7 views

CVE-2025-14525 vulnerabilities

Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...

CVSS 6.4, AI score 5.8, EPSS 0.0026
Exploits: 0

Chainguard
added yesterday, 6 views

CVE-2024-31420 vulnerabilities

Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...

CVSS 6.5, AI score 6.6, EPSS 0.00639
Exploits: 0

Chainguard
added yesterday, 3 views

GHSA-RJFV-PJVX-MJGV vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller, aws-load-balancer-controller-fips...

AI score 5.8
Exploits: 0

Chainguard
added yesterday, 4 views

GHSA-XHF5-7WJV-PQXP vulnerabilities

Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...

AI score 5.8
Exploits: 0

Chainguard
added yesterday, 4 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: kgateway, kiali, gitlab-pages-fips, crossplane-fips, dapr, cloud-provider-azure-fips, ansible-operator-fips, boring-registry, gitlab-operator-fips, kots, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cluster-api-azure-controller-fips, gitlab-cng-fip...

AI score 5.8
Exploits: 0

Chainguard
added yesterday, 5 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: kgateway, kiali, gitlab-pages-fips, crossplane-fips, dapr, cloud-provider-azure-fips, ansible-operator-fips, boring-registry, gitlab-operator-fips, kots, aws-iam-authenticator, docker-compose-fips, azurefile-csi-fips, cluster-api-azure-controller-fips, gitlab-cng-fip...

CVSS 5.3, AI score 5.8, EPSS 0.00237
Exploits: 0

Nuclei
added yesterday, 59 views

WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection

The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated users, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...

CVSS 9.8, AI score 7.3, EPSS 0.0848
Exploits: 2, References: 3

Nuclei
added yesterday, 11 views

Progress ShareFile Storage Zones Controller - Authentication Bypass

Customer Managed ShareFile Storage Zones Controller (SZC) contains an authentication bypass (Execution After Redirect) that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. id: CVE-2026-2699 inf...

CVSS 9.8, AI score 6.4, EPSS 0.49424
Exploits: 1, References: 3

Nuclei
added yesterday, 26 views

Joomla! Component Jstore - 'Controller' Local File Inclusion

A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...

CVSS 10, AI score 6.1, EPSS 0.11382
Exploits: 1, References: 4

Nuclei
added yesterday, 14 views

Aquatronica Controller System <= 5.1.6 - Information Disclosure

Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...

CVSS 9.3, AI score 6, EPSS 0.01443
Exploits: 1, References: 4

Nuclei
added yesterday, 52 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...

CVSS 10, AI score 7.4, EPSS 0.42551
Exploits: 1, References: 3

Positive Technologies
added yesterday, 5 views

PT-2026-51642

Name of the Vulnerable Software and Affected Versions: Snipe-IT (affected versions not specified). Description: An authorization bypass exists in the BulkAssetsController::update function. The system accepts the company id variable directly from user input without utilizing the standard company-scopin...

CVSS 6.3, AI score 5.9
Exploits: 0, References: 5

RedHat Linux
added 2 days ago, 4 views

kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network (CAN) ISO-TP (isotp) module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

CVSS 7.8, AI score 5.8, EPSS 0.00125
Exploits: 0, References: 5

Nuclei
added 2 days ago, 58 views

Citrix SD-WAN Center - Local File Inclusion

Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...

CVSS 10, AI score 7.5, EPSS 0.39335
Exploits: 1, References: 4

Nuclei
added 2 days ago, 63 views

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

CVSS 10, AI score 7.4, EPSS 0.43866
Exploits: 1, References: 3