GHSA-3G76-F9XQ-8VP6 vulnerabilities
Vulnerabilities for packages: wildfly, keycloak, keycloak-fips, apache-pulsar, request-9047-keycloak-fips, apache-pulsar-fips, kafka-bridge, spark-kubernetes-operator, apicurio-registry, apache-camel-karavan-devmode, spark-fips, spark...
GHSA-PMWQ-PJRM-6P5R vulnerabilities
Vulnerabilities for packages: docker, ko, gh, neuvector-sigstore-interface, buildkitd, docker-compose, kyverno-notation-aws, crossplane, ratify, trivy, zarf, tkn, kubescape, slsa-verifier, tekton-chains, gitsign, gitlab-runner, kyverno, policy-controller, guac, falcoctl, docker-cli-buildx, aactl,...
GHSA-C4RQ-3M3G-8WGX vulnerabilities
Vulnerabilities for packages: ruby4.0-rails, ruby3.4-rails, ruby3.3-rails, ruby3.2-rails, kube-logging-operator...
CVE-2025-15633
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2025-15633 HCL BigFix WebUI is affected by an improper authorization vulnerability
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2025-15633
The CVE describes an improper authorization flaw in HCL BigFix WebUI. An authenticated user lacking Master Operator privileges can access internal data (site names, versions, configuration variables) via unprotected endpoints that do not enforce security headers. This indicates a privilege check ...
Exploit for Operator Precedence Logic Error in Freebsd
CVE-2026-7270 FreeBSD local privilege escalation via exec...
PT-2026-39320
Name of the Vulnerable Software and Affected Versions: HCL BigFix WebUI (affected versions not specified). Description: An improper authorization issue in HCL BigFix WebUI allows an authenticated user who lacks Master Operator privileges to bypass privilege requirements. This is possible due to...
in-toto-golang and in-toto-python have inconsistent negation behavior
Impact: What kind of vulnerability is it? Who is impacted? in-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should not be matched, but they used different...
gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense
Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense. The gmaps-mcp codebase was reviewed at commit e671db68c804c9e67d51582d3280839ffa65f127 and three issues worth flagging were discovered — one high-severity, one medium, one structural. There were no...
CVE-2026-34984 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
GHSA-R2PG-R6H7-CRF3 vulnerabilities
Vulnerabilities for packages: external-secrets-operator...
CVE-2026-8063
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads...
EUVD-2026-28170
OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...
CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes
OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...
CVE-2026-43579
OpenClaw before 2026.4.10 contains an insufficient access control vulnerability in Nostr plugin HTTP profile routes that allows operators with write permissions to persist profile configuration without requiring admin authority. Attackers with operator.write scope can modify Nostr profile setting...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: falcosidekick, pgtimetable, ory-kratos, sftpgo-plugin-eventstore, chainloop-control-plane-fips, keda, openbao, openfga, bento, caddy-fips, goose-fips, falcosidekick-fips, dapr-fips, kubeflow-pipelines, cerbos, timescaledb-parallel-copy, temporal-fips, sftpgo, src,...