2961 matches found

AlpineLinux
added 2026/03/20 3:54 a.m. | 3 views

CVE-2026-32945

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflow vulnerability in the DNS parser's name length handler. This impacts applications using PJSIP's built-in DNS resolver, such as those configured with...

CVSS 9.8 | AI score 5.5 | EPSS 0.00308
Exploits: 1

Positive Technologies
added 2026/03/20 12:0 a.m. | 4 views

PT-2026-26552

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.16 and below. Description: PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a Heap-based Buffer Overflow in the DNS parser's name length handler. This impacts...

CVSS 9.8 | AI score 5.8 | EPSS 0.00308
Exploits: 1 | References: 8

CNNVD
added 2026/03/20 12:0 a.m. | 4 views

PJSIP Security Vulnerability

PJSIP is a free and open-source multimedia communication library developed in the C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. PJSIP versions 2.16 and earlier contained a security vulnerability caused by a stack buffer overflow in the D...

CVSS 9.8 | AI score 6.2 | EPSS 0.00308
Exploits: 1 | References: 2

Github Security Blog
added 2026/03/18 8:20 p.m. | 6 views

Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary: The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests (e.g. by creating TaskRuns or PipelineRuns that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including...

CVSS 9.6 | AI score 5.9 | EPSS 0.00485
Exploits: 0 | References: 10 | Affected Software: 1

OSV
added 2026/03/18 8:20 p.m. | 3 views

GHSA-J5Q5-J9GM-2W5C Path traversal in Tekton Pipelines git resolver allows reading arbitrary files from the resolver pod

Summary: The Tekton Pipelines git resolver is vulnerable to path traversal via the pathInRepo parameter. A tenant with permission to create ResolutionRequests (e.g. by creating TaskRuns or PipelineRuns that use the git resolver) can read arbitrary files from the resolver pod's filesystem, including...

CVSS 9.6 | AI score 5.9 | EPSS 0.00485
Exploits: 0 | References: 10

Github Security Blog
added 2026/03/18 8:8 p.m. | 8 views

dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

Summary: Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...

CVSS 8.1 | AI score 6.1 | EPSS 0.00526
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/03/18 8:8 p.m. | 2 views

GHSA-PXRR-HQ57-Q35P dynaconf Affected by Remote Code Execution (RCE) via Insecure Template Evaluation in @jinja Resolver

Summary: Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template expressions embedded in configuration values without a sandboxed environment. If an attacker can...

CVSS 7.5 | AI score 6.1 | EPSS 0.00526
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/18 12:0 a.m. | 5 views

PT-2026-26201

Name of the Vulnerable Software and Affected Versions: dynaconf versions prior to 3.2.13. Description: dynaconf is susceptible to Server-Side Template Injection (SSTI) due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...

CVSS 8.1 | AI score 6.2 | EPSS 0.00526
Exploits: 1 | References: 21

Positive Technologies
added 2026/03/18 12:0 a.m. | 8 views

PT-2026-26214

Name of the Vulnerable Software and Affected Versions: Tekton Pipelines versions 1.0.0 through 1.10.0...

CVSS 10 | AI score 5.8 | EPSS 0.0333
Exploits: 67 | References: 162

Snyk
added 2026/03/17 7:46 p.m. | 1 views

Improper Check for Unusual or Exceptional Conditions

Overview: Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the GenerateDeterministicNameFromSpec function in pkg/resolution/resource/name.go. An attacker can crash the controller and block all TaskRun/PipelineRun reconciliation by...

CVSS 8.3 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/17 7:46 p.m. | 4 views

Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun

Summary: A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details: The controller...

CVSS 6.5 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2026/03/17 7:46 p.m. | 4 views

GHSA-CV4X-93XX-WGFJ Tekton Pipelines controller panic via long resolver name in TaskRun/PipelineRun

Summary: A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details: The controller...

CVSS 6.5 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 9

OSV
added 2026/03/17 6:38 p.m. | 3 views

GHSA-46G3-37RH-V698 Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

Summary: A vulnerability exists in the Community Tier of Harden-Runner that allows bypassing the egress-policy: block network restriction using DNS over HTTPS (DoH). Harden-Runner secures GitHub Actions workflows on runners by applying network policies, including an allowed-endpoints configuration...

CVSS 4.6 | AI score 6.2 | EPSS 0.00305
Exploits: 0 | References: 4

RedHat Linux
added 2026/03/17 5:20 p.m. | 12 views

glibc: Information disclosure via zero-valued network query

A flaw was found in glibc, the GNU C Library. When an application calls the getnetbyaddr or getnetbyaddr_r functions to resolve a network address, and the system's nsswitch.conf file is configured to use a DNS (Domain Name System) backend for network lookups, a query for a zero-valued network can le...

CVSS 7.5 | AI score 5.8 | EPSS 0.00564
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/17 12:0 a.m. | 4 views

PT-2026-25993

Summary: A user with permission to create or update a TaskRun or PipelineRun can crash the Tekton Pipelines controller by setting .spec.taskRef.resolver or .spec.pipelineRef.resolver to a string of 31 characters or more, causing a denial of service for all reconciliation. Details: The controller...

CVSS 6.5 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 8

OSSF Malicious Packages
added 2026/03/11 9:6 p.m. | 5 views

Malicious code in f0-abstraction-resolver (npm)

Source: amazon-inspector 224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c The package f0-abstraction-resolver was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

OSV
added 2026/03/11 9:6 p.m. | 3 views

MAL-2026-1347 Malicious code in f0-abstraction-resolver (npm)

Source: amazon-inspector 224dc9dfb692343ce6baa1f2e8ce95e413f8a4d8d9991bea7c7272923cd7498c The package f0-abstraction-resolver was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.8
Exploits: 0

RedhatCVE
added 2026/03/11 5:25 p.m. | 5 views

CVE-2026-31837

A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized acces...

CVSS 8.7 | AI score 5.7 | EPSS 0.00279
Exploits: 0 | References: 4

Snyk
added 2026/03/11 12:37 a.m. | 2 views

Use of Hard-coded Credentials

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...

CVSS 8.7 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 2

Snyk
added 2026/03/11 12:37 a.m. | 3 views

Use of Hard-coded Credentials

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the JWKS resolver, which can be exposed if a fetch operation fails. An attacker can obtain private keys by forcing such a failure. Note: The keys are exposed even if RequestAuthentication is in use...

CVSS 8.7 | AI score 5.8 | EPSS 0.00279
Exploits: 0 | References: 2