7 matches found
CVE-2026-41246
Contour’s Cookie Rewriting feature (Envoy Lua filter) is vulnerable to Lua code injection in versions from v1.19.0 up to, but not including, v1.33.4, v1.32.5, and v1.31.6. An attacker with RBAC to create/modify HTTPProxy resources can inject values into spec.routes[].cookieRewritePolicies[].pathRewrite.value (or services...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization. An attacker with the Manage Users permission can prevent legitimate users, including administrators, from accessing the platform by modifying usernames to cause account lockouts or username takeovers. Workaround...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure via the /meta/proxy endpoint. An attacker can obtain sensitive information by sending requests that cause identifiable data, such as email addresses, to be forwarded to external services through specific HTTP header...
RHEL 6 / 7 : python27-python (RHSA-2016:1628)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1628 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high leve...
Malicious code in Be.Vlaanԁeren.Basisregisters.NisCоdeService.Proxy.HttpProxy (NuGet)
MAL-2024-4191 Malicious code in Be.Vlaanԁeren.Basisregisters.NisCоdeService.Proxy.HttpProxy (NuGet)
MAL-2024-4416 Malicious code in Bе.Vlaaոderen.Basisregisters.TicketingService.Proxy.HttpProxy (NuGet)