CVE-2026-39961
Aiven Operator allows you to provision and manage Aiven Services from your Kubernetes cluster. From 0.31.0 to before 0.37.0, a developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys...
GHSA-4F8G-77MW-3RXC OpenClaw: Gateway plugin HTTP `auth: gateway` widens identity-bearing `operator.read` requests into runtime `operator.write`
Impact Gateway plugin HTTP auth: gateway widens identity-bearing operator.read requests into runtime operator.write. Plugin HTTP routes using gateway auth could receive runtime write scopes even when the upstream trusted-proxy request only declared read. OpenClaw is a user-controlled local...
OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval
Impact OpenClaw node.pair.approve placed in operator.write scope instead of operator.pairing allows unprivileged pairing approval. The pairing approval method accepted operator.write instead of the narrower pairing scope and admin requirement for exec-capable nodes. OpenClaw is a user-controlled...
Improper Privilege Management
Overview: openclaw (🦞 OpenClaw, a personal AI assistant). Affected versions of this package are vulnerable to Improper Privilege Management because the node.pair.approve function is assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...
GHSA-5WJ5-87VQ-39XM OpenClaw: Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement
Impact Node Pairing Reconnect Command Escalation Bypasses operator.admin Scope Requirement. A previously paired node could reconnect with a broader command set, including exec-capable commands, without forcing the operator/admin re-pairing path. OpenClaw is a user-controlled local assistant. This...
CVE-2026-39961 Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource
CVE-2026-39961 (Aiven Operator) affects Aiven Operator versions 0.31.0–0.36.x. A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any namespace. The operator reads the victim’s secret using its ClusterRole (aiven-operator-role) and writes ...
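The check a cluster operator would want while on an affected Aiven Operator release: refuse any ClickhouseUser whose connInfoSecretSource points at a Secret outside the CR's own namespace, so a namespace-scoped developer cannot make the operator's ClusterRole read someone else's Secret. This is an added example, not the operator's code or its fix (the fix on the page is upgrading to 0.37.0). The manifest shape (apiVersion aiven.io/v1alpha1, spec.connInfoSecretSource with name and namespace fields) and the sample manifests are assumptions constructed for the example.

```python
"""Namespace-confinement check for ClickhouseUser manifests (added example).

The manifest layout used here, in particular spec.connInfoSecretSource having
`name` and `namespace` keys, is an assumption for this example and not taken
from the advisory or the operator's CRD schema; adjust the paths to the real CRD.
"""


def secret_source_violation(manifest):
    """Return None if the manifest stays inside its own namespace, otherwise a
    string describing the cross-namespace Secret reference."""
    meta = manifest.get("metadata", {})
    cr_ns = meta.get("namespace")
    src = manifest.get("spec", {}).get("connInfoSecretSource")
    if src is None:
        return None
    # Assumption: an omitted namespace means "same namespace as the CR".
    src_ns = src.get("namespace") or cr_ns
    if src_ns != cr_ns:
        return (
            f"ClickhouseUser {meta.get('name')!r} in namespace {cr_ns!r} "
            f"references Secret {src.get('name')!r} in namespace {src_ns!r}"
        )
    return None


def check_manifests(manifests):
    """Split manifests into accepted names and rejection reasons."""
    accepted, rejected = [], []
    for m in manifests:
        reason = secret_source_violation(m)
        if reason:
            rejected.append(reason)
        else:
            accepted.append(m["metadata"]["name"])
    return accepted, rejected


# Constructed sample manifests (not real cluster objects).
SAMPLES = [
    {  # benign: Secret lives in the same namespace as the CR
        "apiVersion": "aiven.io/v1alpha1", "kind": "ClickhouseUser",
        "metadata": {"name": "app-user", "namespace": "team-a"},
        "spec": {"connInfoSecretSource": {"name": "app-user-creds", "namespace": "team-a"}},
    },
    {  # the pattern the advisory describes: reaching into another namespace
        "apiVersion": "aiven.io/v1alpha1", "kind": "ClickhouseUser",
        "metadata": {"name": "steal", "namespace": "team-a"},
        "spec": {"connInfoSecretSource": {"name": "prod-db-creds", "namespace": "prod"}},
    },
    {  # no secret source at all: nothing to confine
        "apiVersion": "aiven.io/v1alpha1", "kind": "ClickhouseUser",
        "metadata": {"name": "plain", "namespace": "team-a"},
        "spec": {},
    },
]


if __name__ == "__main__":
    ok, bad = check_manifests(SAMPLES)
    print("accepted:", ok)
    for reason in bad:
        print("rejected:", reason)
```

In a real cluster this rule belongs in a validating admission webhook (or a ValidatingAdmissionPolicy expressing the same namespace equality), applied until the operator is upgraded. To find who can reach the affected path, `kubectl auth can-i create clickhouseusers.aiven.io -n <namespace> --as=<user>` answers it per principal, assuming the CRD is in the aiven.io API group.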
EUVD-2026-20954
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull('usergroupid') clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...
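The precedence bug the Lychee entry describes, reproduced on a constructed table so the leak is visible: when a query builder chains an OR clause directly after the ownership filter, the emitted SQL is a flat `owner_id = ? AND ... OR usergroupid IS NOT NULL`, and because AND binds tighter than OR, the OR branch matches rows of every owner. This is an added example in SQLite via Python, not Lychee's code; the table, columns (owner_id, is_public, usergroupid) and rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample table: albums owned by user 10 (Alice) and user 20 (Bob).
# Columns: id, owner_id, is_public, usergroupid (NULL = not shared with a group).
ALBUMS = [
    (1, 10, 0, None),  # Alice, private
    (2, 10, 1, None),  # Alice, public
    (3, 10, 0, 7),     # Alice, shared with group 7
    (4, 20, 0, None),  # Bob, private
    (5, 20, 0, 7),     # Bob, shared with group 7
    (6, 20, 1, None),  # Bob, public
]


def open_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE albums (id INTEGER, owner_id INTEGER, "
        "is_public INTEGER, usergroupid INTEGER)"
    )
    conn.executemany("INSERT INTO albums VALUES (?, ?, ?, ?)", ALBUMS)
    return conn


def list_all_buggy(conn, user_id):
    """Flat predicate, as a query builder emits it when an OR clause is chained
    straight after the ownership filter. SQL parses it as
    (owner_id = ? AND is_public = 1) OR usergroupid IS NOT NULL,
    so the OR branch is no longer constrained by owner_id."""
    rows = conn.execute(
        "SELECT id FROM albums "
        "WHERE owner_id = ? AND is_public = 1 OR usergroupid IS NOT NULL",
        (user_id,),
    )
    return sorted(r[0] for r in rows)


def list_all_fixed(conn, user_id):
    """Intended predicate: the OR is grouped, so ownership applies to both branches."""
    rows = conn.execute(
        "SELECT id FROM albums "
        "WHERE owner_id = ? AND (is_public = 1 OR usergroupid IS NOT NULL)",
        (user_id,),
    )
    return sorted(r[0] for r in rows)


def leaked_ids(conn, user_id):
    """Ids the buggy query returns that the user does not own."""
    owned = {
        r[0] for r in conn.execute("SELECT id FROM albums WHERE owner_id = ?", (user_id,))
    }
    return [i for i in list_all_buggy(conn, user_id) if i not in owned]


if __name__ == "__main__":
    db = open_db()
    print("buggy :", list_all_buggy(db, 10))  # [2, 3, 5]
    print("fixed :", list_all_fixed(db, 10))  # [2, 3]
    print("leaked:", leaked_ids(db, 10))      # [5]
```

Alice (user 10) gets Bob's group-shared album 5 from the buggy query. In Laravel the usual way to get the parenthesised form is to put the OR branches inside a closure passed to `where(...)`, which the builder wraps in its own parentheses; that is the general idiom, not a statement of what the Lychee patch does.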
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: containerd, pulumi-language-java, rabbitmq-cluster-operator, teleport, spicedb, kwok, blob-csi, gitlab-kas, cerbos, istio, terraform-provider-google, gcp-compute-persistent-disk-csi-driver, kubernetes-dns-node-cache, descheduler, cluster-api-azure-controller, kserve,...
GHSA-HFVC-G4FC-PQHX vulnerabilities
Vulnerabilities for packages: kcp-0.29, secrets-store-csi-driver-provider-gcp, google-osconfig-agent, opentelemetry-collector, policy-controller, elastic-agent, crossplane-provider-gcp, terraform-provider-google-fips, spicedb-fips, tflint, cloud-provider-gcp-cloud-controller-manager-fips,...
CVE-2026-39883 vulnerabilities
Vulnerabilities for packages: kcp-0.29, secrets-store-csi-driver-provider-gcp, google-osconfig-agent, opentelemetry-collector, policy-controller, elastic-agent, crossplane-provider-gcp, terraform-provider-google-fips, spicedb-fips, tflint, cloud-provider-gcp-cloud-controller-manager-fips,...
CLEANSTART-2026-SQ18258 url
Multiple security vulnerabilities affect the minio-operator-fips package. url. See references for individual vulnerability details...
CLEANSTART-2026-BA09462 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Multiple security vulnerabilities affect the cass-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...
CLEANSTART-2026-UQ00642 Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default
Multiple security vulnerabilities affect the minio-operator-fips package. Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. See references for individual vulnerability details...
CLEANSTART-2026-UF78567 net/url package does not set a limit on the number of query parameters in a query
Multiple security vulnerabilities affect the minio-operator-fips package. The net/url package does not set a limit on the number of query parameters in a query. See references for individual vulnerability details...
CLEANSTART-2026-ST75560 During the TLS 1
Multiple security vulnerabilities affect the minio-operator-fips package. During the TLS 1. See references for individual vulnerability details...
CLEANSTART-2026-OT38160 url
Multiple security vulnerabilities affect the minio-operator-fips package. url. See references for individual vulnerability details...