10 matches found
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
CVE-2026-44301
Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...
whistle Path Traversal Vulnerability
whistle is a Node-based, cross-platform packet-capture debugging tool from the individual developer avenwu. A path traversal vulnerability exists in whistle version 2.9.98 due to a path traversal error in the parameter filename in the file /cgi-bin/sessions/get-temp-file...
Incorrect Authorization
Cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of node-based network policies due to misconfigured fromNodes and toNodes rules, which incorrectly permit traffic to or from non-node endpoints that share the specified labels...
BIT-CILIUM-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
BIT-CILIUM-OPERATOR-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass due to the misconfiguration in the fromNodes and toNodes fields. By exploiting the label mismatches, an attacker can bypass network policies and access unauthorized network endpoints. Note: This is only exploitable...
CVE-2025-30163 Node based network policies may incorrectly allow workload traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly permit traffic to/from non-node endpoints that share the labels specified in fromNodes and toNodes sections of network policies. Node based...
TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1503: TCL LinkHub Mesh Wifi confctl_get_guest_wlan information disclosure vulnerability. August 1, 2022. CVE Number: CVE-2022-27633. Summary: An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G0001.0014...
Unauthorized Access Vulnerability in Whistle Web Debugger
whistle is a Node-based implementation of a cross-platform web debugging agent. Whistle Web Debugger suffers from an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...