
10 matches found

CVE
added 4 days ago · 10 views

CVE-2026-6673

Mattermost Jira plugin (CVE-2026-6673) authenticates poorly during Atlassian Connect install. Affected Mattermost versions (11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x

CVSS 6.4 · AI score 6 · EPSS 0.00177
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2026/05/11 8:25 p.m. · 17 views

CVE-2026-42876

External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...

CVSS 4.9 · EPSS 0.00214
Exploits: 0 · References: 3
Tenable Nessus
added 2026/01/19 12:0 a.m. · 2 views

openSUSE 16 Security Update : docker (openSUSE-SU-2026:20057-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20057-1 advisory. Changes in docker: - Update to Docker 28.5.1-ce. See upstream changelog online at - Update to Docker 28.5.0-ce. See upstream changelog online at - Updat...

CVSS 5.1 · AI score 6.1 · EPSS 0.00201
Exploits: 0 · References: 6
SUSE Linux
added 2025/10/11 1:21 a.m. · 4 views

Security update for docker-stable

This update for docker-stable fixes the following issues: Note that this update mostly contains already-fixed references. Remove git-core recommends on SLE to avoid pulling it in unnecessarily. bsc1250508 This feature is mostly intended for developers "docker build git://" so most users already have t...

CVSS 9.9 · AI score 8.4 · EPSS 0.66252
Exploits: 14 · References: 488
OSV
added 2025/09/10 4:9 p.m. · 3 views

SUSE-SU-2025:20743-1 Security update for docker

This update for docker fixes the following issues: Update to docker-buildx v0.28.0. See upstream changelog: Update to Docker 28.4.0-ce. See upstream changelog: - Update warnings and errors related to "docker buildx ..." so that they reference our openSUSE docker-buildx packages. - Enable building...

CVSS 5.1 · AI score 6.7 · EPSS 0.00201
Exploits: 0 · References: 4
Github Security Blog
added 2024/03/14 9:17 p.m. · 24 views

Insecure Variable Substitution in Vela

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

CVSS 7.7 · AI score 7.3 · EPSS 0.00716
Exploits: 0 · References: 4 · Affected Software: 1
CNNVD
added 2024/03/12 12:0 a.m. · 3 views

Vela Security Breach

Github Vela is an application open-sourced by Github in the United States. It provides an automation framework. A security vulnerability exists in Vela 0.23.1 and earlier versions, which stems from a vulnerability that allows an attacker to replace variables to bypass log masking and inject secre...

CVSS 7.7 · AI score 6.7 · EPSS 0.00716
Exploits: 0 · References: 4
OSV
added 2022/09/28 10:15 p.m. · 1 views

UBUNTU-CVE-2022-39264

nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable to homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply th...

CVSS 8.6 · AI score 5.8 · EPSS 0.00624
Exploits: 0 · References: 5
Positive Technologies
added 2022/09/28 12:0 a.m. · 3 views

PT-2022-24854 · Nheko · Nheko

Name of the Vulnerable Software and Affected Versions: nheko versions prior to 0.10.2
Description: nheko is a desktop client for the Matrix communication application. The issue allows homeservers to insert malicious secrets, which could lead to man-in-the-middle attacks.
Recommendations: For...

CVSS 8.6 · AI score 6.6 · EPSS 0.00624
Exploits: 0 · References: 13
Github Security Blog
added 2021/11/15 5:35 p.m. · 26 views

Privilege escalation to cluster admin on multi-tenant environments

Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run kubectl commands under the Service Account of kustomize-controlle...

CVSS 9 · AI score 1.9 · EPSS 0.01766
Exploits: 1 · References: 3 · Affected Software: 1