
4209 matches found

ATTACKERKB
added 2026/03/09 10:50 p.m. | 2 views

CVE-2026-30917

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/09 10:50 p.m. | 36 views

CVE-2026-30917 Stored XSS on Bucket namespace pages

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

CVSS 8.8 | EPSS 0.00067
Exploits: 0 | References: 3

CVE
added 2026/03/09 10:50 p.m. | 8 views

CVE-2026-30917

Bucket is a MediaWiki extension for structured data. Before version 2.1.1, there is a stored XSS in any Bucket table field with a PAGE type that executes when users view the corresponding Bucket namespace page. The issue is fixed in 2.1.1. Affected software: MediaWiki Bucket extension; vulnerable...

CVSS 8.8 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 3

EUVD
added 2026/03/09 10:50 p.m. | 2 views

EUVD-2026-10427

Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to 2.1.1, a stored XSS can be inserted into any Bucket table field that has a PAGE type, which will execute whenever a user views that table's corresponding Bucket namespace page. This vulnerability is fixed ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 3

CVE
added 2026/03/09 10:23 p.m. | 6 views

CVE-2026-29773

Technical details for CVE-2026-29773 are not provided in the connected documents. The available materials mention read-only access via deprecated APIs but do not specify affected versions, fixes, or explicit exploit details.

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/09 10:23 p.m. | 1 view

CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 5

Cvelist
added 2026/03/09 10:23 p.m. | 39 views

CVE-2026-29773 kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding

Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manner,...

CVSS 4.3 | EPSS 0.00036
Exploits: 0 | References: 3

Snyk
added 2026/03/09 5:28 p.m. | 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via the deprecated host-callback APIs kubernetes/ingresses, kubernetes/namespaces, and kubernetes/services. An attacker can gain unauthorized read access to Ingresses, Namespaces, and Services resources across al...

CVSS 5.3 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 2

EUVD
added 2026/03/09 5:28 p.m. | 2 views

EUVD-2026-10411

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding...

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3

OSV
added 2026/03/09 5:28 p.m. | 1 view

GHSA-6R7F-3FWQ-HQ74 Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding

Impact: Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manne...

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 5

EUVD
added 2026/03/09 5:28 p.m. | 3 views

EUVD-2026-10410

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding...

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/09 5:28 p.m. | 5 views

Kubewarden: Cross-namespace data exfiltration via deprecated host callback binding

Impact: Kubewarden is a policy engine for Kubernetes. Kubewarden cluster operators can grant permissions to users to deploy namespaced AdmissionPolicies and AdmissionPolicyGroups in their Namespaces. One of Kubewarden's promises is that configured users can deploy namespaced policies in a safe manne...

CVSS 4.3 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/03/09 12:0 a.m. | 5 views

PT-2026-24144

Name of the Vulnerable Software and Affected Versions: Kubewarden versions prior to 1.33.0. Description: Kubewarden is a policy engine for Kubernetes. An attacker with privileged "AdmissionPolicy" create permissions could leverage three deprecated host-callback APIs: kubernetes/ingresses,...

CVSS 9.9 | AI score 5.8 | EPSS 0.00199
Exploits: 3 | References: 137

Tenable Nessus
added 2026/03/06 12:0 a.m. | 6 views

NewStart CGSL MAIN 6.06 (SP) : pam Multiple Vulnerabilities (NS-SA-2026-0005)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has pam packages installed that are affected by multiple vulnerabilities: - pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the...

CVSS 7.2 | AI score 6.1 | EPSS 0.02605
Exploits: 2 | References: 15

SUSE CVE
added 2026/03/04 12:26 a.m. | 0 views

SUSE CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into Git-like repositories. Prior to 1.77.0, the local block adapter pkg/block/local/adapter.go allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

CVSS 8.1 | AI score 5.8 | EPSS 0.00067
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/04 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005426)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005426 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt. syzbot reported a refcount warning [1] caused by...

CVSS 5.5 | AI score 6.7 | EPSS 0.00105
Exploits: 0 | References: 4

Github Security Blog
added 2026/03/03 2:50 p.m. | 10 views

Rancher has downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)

Impact: An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where a flaw with authorization logic allows privilege escalation through cluster role template binding (CRTB) and project role template binding (PRTB). This issue does not affect the local cluster, it affects onl...

CVSS 9.1 | AI score 7 | EPSS 0.00345
Exploits: 1 | References: 4 | Affected Software: 1

Tenable Nessus
added 2026/03/03 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005756)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005756 advisory. In the Linux kernel, the following vulnerability has been resolved: net: tipc: fix refcount warning in tipc_aead_encrypt. syzbot reported a refcount warning [1] caused by...

CVSS 5.5 | AI score 6.7 | EPSS 0.00105
Exploits: 0 | References: 4

OSV
added 2026/03/02 11:37 p.m. | 6 views

GHSA-WW6V-V748-X7G9 OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>

Summary: In [email protected], sandbox network hardening blocks network=host but still allows network=container:<id>. This can let a sandbox join another container's network namespace and reach services available in that namespace. Preconditions and Trust Model Context: This issue requires a...

CVSS 9 | AI score 6 | EPSS 0.00065
Exploits: 0 | References: 6

Github Security Blog
added 2026/03/02 11:37 p.m. | 11 views

OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>

Summary: In [email protected], sandbox network hardening blocks network=host but still allows network=container:<id>. This can let a sandbox join another container's network namespace and reach services available in that namespace. Preconditions and Trust Model Context: This issue requires a...

CVSS 9.8 | AI score 6 | EPSS 0.00065
Exploits: 0 | References: 6 | Affected Software: 1