Security Bulletin: Due to the use of helm, IBM Kubecost Self Hosted is affected by stack overflow and memory exhaustion

Summary helm is used by IBM Kubecost Self Hosted as part of the cluster-controller component CVE-2025-32387, CVE-2025-32386 Vulnerability Details CVEID:CVE-2025-32387 DESCRIPTION: Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply...

PT-2025-117: Server‑Side Request Forgery (SSRF) in FreeScout

The vulnerability was identified in FreeScout , versions 1.8.182. The discovered vulnerability allows an attacker to make requests to both local and external resources, mask their own IP address and retrieve data from protected network segments. Vulnerability status: Confirmed by vendor Date of...

PT-2025-96: Deserialization of untrusted data leads to Remote code execution (RCE) in FreeScout

The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize arbitrary objects and fully control their properties, leading to total compromise of the web‑application logic and remote code execution RCE. Vulnerability status:...

Security update for afterburn

This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies cargo: Afterburn release 5.8.1 cargo: Afterburn release 5.8.0 docs/release-notes: update for release 5.8.0 cargo:...

PT-2025-42: Insufficient Protection Against CRLF-injection in FreeScout

The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to inject special characters into string‑formatting functions because user input is not properly validated, leading to CRLF‑injection attacks. Vulnerability status:...