CLEANSTART-2026-MZ18595 Security fixes for CVE-2025-61730, CVE-2025-61732, CVE-2026-27139, CVE-2026-27142 applied in versions: 3.4.0-r7

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-UB49656 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.5.0-r0, 3.5.0-r1

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-KA15295 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.7.0-r0, 3.7.0.-r1

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-VS17175 Security fixes for CVE-2026-24051, CVE-2026-27139, CVE-2026-27141, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 3.6.0-r3

Multiple security vulnerabilities affect the fluent-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-CP95927 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 1.28.1-r0, 1.28.1-r1

Multiple security vulnerabilities affect the cass-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-PN56882 Security fixes for CVE-2026-24051 applied in versions: 1.65.0-r0

Security vulnerability affects the jaeger-operator package. This issue is resolved in later releases. See references for vulnerability details...

CLEANSTART-2026-AC65885 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25518, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 1.18.0-r0, 1.18.0-r1, 1.18.0-r2, 1.18.0-r3

Multiple security vulnerabilities affect the percona-xtradb-cluster-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-TF98824 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-p436-gjf2-799p applied in versions: 7.1.1-r0, 7.1.1-r1, 7.1.1-r3

Multiple security vulnerabilities affect the minio-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-CB01846 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 2.6.1-r0, 2.6.1-r1, 2.6.1-r7

Multiple security vulnerabilities affect the opensearch-k8s-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-JK84667 Security fixes for CVE-2025-0913, CVE-2025-4673, CVE-2025-47907, CVE-2025-47911, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 2.7.0-r7, 2.7.0-r8

Multiple security vulnerabilities affect the opensearch-k8s-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

GHSA-2X4X-CC5G-QMMG OpenClaw: node.pair.approve missing callerScopes validation allows low-privilege operator to approve malicious nodes

Summary The node pairing approval path did not consistently enforce that the approving caller already held every scope requested by the node. Impact A lower-privileged operator could approve a pending node request for broader scopes and extend privileges onto the paired node. Affected Component...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVE-2026-34733

CVE-2026-34733 (AVideo) : AVideo proves vulnerable in versions ≤26.0 via the file install/deleteSystemdPrivate.php, which contains a PHP operator precedence bug in its CLI guard. The check uses !php_sapi_name() === 'cli', which, due to precedence, is always false, allowing unauthenticated HTTP ac...

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVE-2026-34595

CVE-2026-34595 affects Parse Server LiveQuery: an authenticated user with find class-level permission can bypass the protectedFields guard by submitting a subscription using an array-like object for $or/$and/$nor instead of a real array. This bypass allows the subscription firing to act as a bina...

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to loss of confidentiality (CVE-2025-68121)

Summary IBM App Connect Enterprise Certified Container operator and DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in Golang module crypto/tls...

CVE-2026-32916

OpenClaw versions 2026.3.7 before 2026.3.11 contain an authorization bypass vulnerability where plugin subagent routes execute gateway methods through a synthetic operator client with broad administrative scopes. Remote unauthenticated requests to plugin-owned routes can invoke runtime.subagent...

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: k9s-fips, xeol-fips, syft, kaniko, gitea, trufflehog, flux-source-controller-fips, pulumi-language-java, apko-fips, cerbos, flux-source-controller, chainctl-fips, kubescape, gitaly-fips, crossplane, zarf, rancher-fleet, argo-workflows-fips, grype,...

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: k9s-fips, xeol-fips, syft, kaniko, gitea, trufflehog, flux-source-controller-fips, pulumi-language-java, apko-fips, cerbos, flux-source-controller, chainctl-fips, kubescape, gitaly-fips, crossplane, zarf, rancher-fleet, argo-workflows-fips, grype,...