Lucene search

19120 matches found

CNNVD
added 2026/02/12 12:0 a.m., 5 views

yoke access control error vulnerability

Yoke is a Kubernetes package management tool developed by YokeCD. Versions of Yoke prior to 0.19.0 contained an access control vulnerability. This vulnerability stemmed from the lack of proper authentication mechanisms in the Webhook endpoints of the Air Traffic Controller component, allowing any...

7.5 CVSS, 5.9 AI score, 0.0041 EPSS
Exploits: 1, References: 1

CNNVD
added 2026/02/12 12:0 a.m., 5 views

Dell iDRAC Service Module access control error vulnerability

The Dell iDRAC Service Module is a lightweight software module developed by the American company Dell. It is designed to enhance the functionality of iDRAC (Integrated Dell Remote Access Controller) on Dell PowerEdge servers. There were access control vulnerabilities in versions of the Dell iDRAC...

7.8 CVSS, 5.8 AI score, 0.00094 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/02/12 12:0 a.m., 14 views

PT-2026-7905

Name of the Vulnerable Software and Affected Versions: Yoke versions 0.18.x and earlier. Description: The Air Traffic Controller (ATC) component of Yoke lacks proper authentication mechanisms for its webhook endpoints. This allows any pod within the cluster network to send AdmissionReview requests...

9.9 CVSS, 6 AI score, 0.27661 EPSS
Exploits: 44, References: 119

Positive Technologies
added 2026/02/12 12:0 a.m., 16 views

PT-2026-7906

Name of the Vulnerable Software and Affected Versions: Yoke versions 0.19.0 and earlier. Description: Yoke's Air Traffic Controller (ATC) component contains a flaw that allows users with Custom Resource (CR) create/update permissions to execute arbitrary WASM code. This is achieved by injecting a...

9.9 CVSS, 6.5 AI score, 0.27661 EPSS
Exploits: 44, References: 118

IBM Security Bulletins
added 2026/02/11 9:57 a.m., 12 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2026-24513, CVE-2026-1580, CVE-2026-24514, CVE-2026-24512)

Summary: IBM Cloud Kubernetes Service is affected by multiple Kubernetes Ingress Controller security vulnerabilities. - A user with access to create or update Ingress objects can use the rules.http.paths.path Ingress field to inject configuration into nginx (CVE-2026-24512) - The...

8.8 CVSS, 5.6 AI score, 0.00501 EPSS
Exploits: 2, Affected Software: 1

NVD
added 2026/02/10 5:16 p.m., 9 views

CVE-2025-24851

Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...

6.7 CVSS, 0.00113 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2026/02/10 5:16 p.m., 6 views

CVE-2026-24885

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

8 CVSS, 5.8 AI score, 0.00182 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/02/10 4:40 p.m., 2 views

CVE-2026-24885 Kanboard Affected by Cross-Site Request Forgery (CSRF) via Content-Type Misconfiguration in Project Role Assignment

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the...

5.7 CVSS, 5.3 AI score, 0.00182 EPSS
Exploits: 1, References: 3

CVE
added 2026/02/10 4:25 p.m., 9 views

CVE-2025-27243

Summary of CVE-2025-27243: An out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810, prior to firmware cvl fw 1.7.8.x, can cause a denial of service. The impact is limited to availability with no confidentiality or integrity effects, but the attack is local and requires ...

6.7 CVSS, 5.5 AI score, 0.00113 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/02/10 4:25 p.m., 25 views

CVE-2025-27243

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result m...

6.7 CVSS, 0.00113 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/10 4:25 p.m., 4 views

CVE-2025-27243

Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result m...

6.7 CVSS, 5.5 AI score, 0.00113 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/02/10 4:25 p.m., 23 views

CVE-2025-24851

Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...

6.7 CVSS, 0.00113 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/10 4:25 p.m., 9 views

CVE-2025-24851

CVE-2025-24851 affects Intel Ethernet Controller E810 100GbE firmware (cvl fw 1.7.8.x and earlier) running Ring 0 Bare Metal OS. The issue is an uncaught exception that may allow a local, privileged attacker with low complexity and no user interaction to cause denial of service, impacting availab...

6.7 CVSS, 5.5 AI score, 0.00113 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/02/10 4:25 p.m., 4 views

CVE-2025-24851

Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...

6.7 CVSS, 5.5 AI score, 0.00113 EPSS
Exploits: 0, References: 1

Chainguard
added 2026/02/10 1:17 p.m., 4 views

GHSA-8JVR-VH7G-F8GX vulnerabilities

Vulnerabilities for packages: go-spdk-helper-fips, hcl2json-fips, prometheus-mysqld-exporter-fips, gitlab-runner, kube-logging-operator-custom-runner, oras, kubo, litefs, crossplane-provider-gitlab-fips, nri-mysql, k8s-agents-operator, kyverno-policy-reporter-plugins-trivy-fips, rancher-machine,...

5.8 AI score
Exploits: 0

OSV
added 2026/02/10 8:50 a.m., 6 views

BIT-NGINX-INGRESS-CONTROLLER-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8 CVSS, 6.4 AI score, 0.00469 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/10 7:27 a.m., 3 views

CVE-2026-1722

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the plugin not implementing authorization checks in the wcfm-refund-requests-form AJAX controller. This...

5.3 CVSS, 5.7 AI score, 0.00294 EPSS
Exploits: 0, References: 5

RedHat Linux
added 2026/02/10 2:6 a.m., 7 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec. Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and data_offset validation in...

7.5 CVSS, 5.7 AI score, 0.0071 EPSS
Exploits: 0, References: 5

RedhatCVE
added 2026/02/10 1:23 a.m., 6 views

CVE-2026-2201

A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cros...

5.4 CVSS, 3.8 AI score, 0.00213 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2026/02/10 1:23 a.m., 5 views

CVE-2026-2190

A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit has been released to the...

9.8 CVSS, 5.5 AI score, 0.00381 EPSS
Exploits: 1, References: 1