Lucene search
K

9 matches found

NVD
NVD
added 2026/04/09 9:16 p.m.3 views

CVE-2026-40109

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/09 9:6 p.m.22 views

CVE-2026-40109 Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any...

3.1CVSS0.00127EPSS
Exploits0References3
CVE
CVE
added 2025/12/04 10:4 p.m.51 views

CVE-2025-66506

CVE-2025-66506 affects Fulcio prior to 1.8.3. The identity.extractIssuerURL function splits the untrusted OIDC identity token on periods, which can incur O(n) memory allocations when receiving tokens with many dots. This could lead to resource consumption under malicious input. The issue is fixed...

7.5CVSS6.6AI score0.00191EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/12/04 7:16 p.m.9 views

AZL-71513 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.62.0-1

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2025/12/04 7:16 p.m.6 views

AZL-71566 CVE-2025-65637 affecting package containerized-data-importer for versions less than 1.55.0-27

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS7.3AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2025/12/04 7:16 p.m.11 views

AZL-71632 CVE-2025-65637 affecting package moby-compose for versions less than 2.17.3-13

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving...

7.5CVSS7.1AI score0.00585EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28625

Malicious code in bioql PyPI...

6.9CVSS6.6AI score0.00377EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/09/22 6:32 p.m.9 views

WordPress Product Catalog Simple Plugin <= 1.8.2 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Product Catalog Simple versions = 1.8.2...

6.5CVSS6.1AI score0.00196EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/21 5:20 p.m.3 views

CVE-2025-57768 Stored XSS in “hours” fields when creating or editing an issue, using SQLite database

Phproject is a high performance full-featured project management system. From 1.8.0 to before 1.8.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Planned Hours field when creating a new project. When sending a POST request to /issues/new/, the value provided in the Planned Hours...

6.9CVSS5.6AI score0.00377EPSS
Exploits0References1
Rows per page
Query Builder