GHSA-C66C-VQ6W-FVH5 Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

PT-2026-46988

Summary managementServer.CreateSchematic internal/backend/grpc/schematics.go passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a fmt.Sprintf"/version/%s/overlays/official", talosVersion path template. url.URL.JoinPath...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-efs, terraform-provider-azurerm-fips, databricks-cli-fips, gitaly-fips, gitlab-rails-ce, cerbos-fips, helm-fips, docker-cli-buildx-fips, kyverno, atlantis-fips, crossplane-provider-family-aws-fips, terraform-fips,...

CVE-2026-24686 vulnerabilities

Vulnerabilities for packages: flux-source-controller, buildkitd, cosign, kyverno, cosign-fips, tflint, gitsign, tekton-chains, zot, crossplane, policy-controller-fips, skaffold-fips, vexctl, kyverno-policy-reporter-plugins-kyverno, falcoctl, teleport, tekton-chains-fips, cg, trivy-operator-fips,...

GHSA-JQC5-W2XX-5VQ4 vulnerabilities

Vulnerabilities for packages: flux-source-controller, buildkitd, cosign, kyverno, cosign-fips, tflint, gitsign, tekton-chains, zot, crossplane, policy-controller-fips, skaffold-fips, vexctl, kyverno-policy-reporter-plugins-kyverno, falcoctl, teleport, tekton-chains-fips, cg, trivy-operator-fips,...

Horde - Horde_Image::factory driver Argument Local File Inclusion

Horde - HordeImage::factory driver Argument Local File Inclusion Exploit Title: Horde HordeImage::factory driver Argument Local File Inclusion Google Dork: intitle:horde Date: 10-02-2011 Author: skysbsb Software Link: http://www.horde.org/download/ Version: Horde 3.3.2 Tested on: linux CVE :...

Horde Local File Inclusion

Exploit Title: Horde HordeImage::factory driver Argument Local File Inclusion Google Dork: intitle:horde Date: 10-02-2011 Author: skysbsb Software Link: http://www.horde.org/download/ Version: Horde 3.3.2 Tested on: linux CVE : CVE-2009-0932 The original disclosure was done by Gunnar Wrobel from...