GHSA-8RFP-98V4-MMR6 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
GHSA-GJ48-438W-JH9V vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
Important: Red Hat Security Advisory: Red Hat OpenShift Pipelines Release 1.21.2
The 1.21.2 GA release of Red Hat OpenShift Pipelines Operator. For more details see product documentation. The 1.21.2 release of Red Hat OpenShift Pipelines Operator...
EUVD-2026-36800
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...
GHSA-GV7W-RQVM-QJHR vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, argo-workflows, renovate, langfuse-fips, langfuse, vite, vitess...
GHSA-G7R4-M6W7-QQQR vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines...
GHSA-GV7W-RQVM-QJHR vulnerabilities
Vulnerabilities for packages: vitess, kubeflow-pipelines, renovate, argo-workflows, vite...
Turn specs into evals for any agent with ASSERT
Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT), an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...
Layer Order Semantics for Automata-Based Cybersecurity
Layered cybersecurity pipelines transform evidence before they decide on it, and the order of those transformations determines which security facts become visible to which layer. This paper gives layer order a finite-state semantics built from a layer-order automaton, deterministic sequential...
When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems
Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planning may significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate...
HackTheBox
HackTheBox — Writeups, Tooling & Exploitation Pipelines A wor...
GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines
AI-powered agents are increasingly embedded in continuous integration and continuous delivery/deployment (CI/CD) pipelines to autonomously review pull requests (PRs), triage issues, and maintain codebases. These agents ingest untrusted content while operating with elevated repository permissions,...
PT-2026-47173
$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing...
CVE-2026-7466
AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipelinepath parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...
CVE-2026-10840
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the...
CVE-2026-10840
CVE-2026-10840 concerns the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role. When Kueue or cert-manager CRDs are present, any authenticated...