CVE-2026-49822 Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a KubernetesWatchTrigger KWT in their own namespace was able to establish a persistent...

EUVD-2025-4083

Malicious code in bioql PyPI...

PT-2025-7053 · Zulip · Zulip

Name of the Vulnerable Software and Affected Versions: Zulip affected versions not specified Description: A weekly cron job in Zulip demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization,...

CVE-2024-39691

matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has access to the event they're replying to when...

CVE-2023-38700

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, se...

CVE-2023-38700 matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, se...

CVE-2020-8117

CVE-2020-8117 affects Nextcloud Server 14.0.3, involving improper preservation of permissions that leaks event details when sharing a non-public calendar event. Public references (NVD, CVE listing, SUSE, CNVD, OpenVAS/NC-SA-2020-013) confirm the issue name and description; CVSS metrics from NVD s...

Microsoft Internet Explorer 5/6 Cross-Domain Event Leakage Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9761/info Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains. This issue could permit framesets in different domains to leak various events, includin...