337 matches found

Nuclei
added yesterday | 36 views

Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10 | AI score 6.1 | EPSS 0.91469
Exploits: 3 | References: 5
OSV
added yesterday | 1 view

OPENSUSE-SU-2026:10943-1 amazon-ssm-agent-3.3.4624.0-1.1 on GA media

These are all security issues fixed in the amazon-ssm-agent-3.3.4624.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 6.5 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 1
OPENSUSE Linux
added 6 days ago | 7 views

amazon-ssm-agent-3.3.4515.0-1.1 on GA media (moderate)

amazon-ssm-agent-3.3.4515.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10872-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...

CVSS 9.1 | AI score 5.8 | EPSS 0.0005
Exploits: 0
RedhatCVE
added last week | 6 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

CVSS 5.3 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1
OSV
added 2026/05/28 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10872-1 amazon-ssm-agent-3.3.4515.0-1.1 on GA media

These are all security issues fixed in the amazon-ssm-agent-3.3.4515.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 9.6 | AI score 5.8 | EPSS 0.0005
Exploits: 0 | References: 1
NVD
added 2026/05/27 6:16 p.m. | 7 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

CVSS 5.3 | EPSS 0.00056
Exploits: 0 | References: 1
CVE
added 2026/05/27 12:0 a.m. | 9 views

CVE-2026-38808

CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...

CVSS 5.3 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/27 12:0 a.m. | 8 views

PT-2026-44049

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 2
Cvelist
added 2026/05/27 12:0 a.m. | 32 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

EPSS 0.00056
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/27 12:0 a.m. | 3 views

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 2
NVD
added 2026/05/19 8:16 p.m. | 5 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a conn_id containing a / (e.g. "myteam/conn") to the same path as another team's team-scoped secret when the caller had no team context. A...

CVSS 5.3 | EPSS 0.0003
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/19 7:17 p.m. | 7 views

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a conn_id containing a / (e.g. "myteam/conn") to the same path as another team's team-scoped secret when the caller had no team context. A...

AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 2
CVE
added 2026/05/19 7:17 p.m. | 8 views

CVE-2026-42526

The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...

CVSS 5.3 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 3
Cvelist
added 2026/05/19 7:17 p.m. | 25 views

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a conn_id containing a / (e.g. "myteam/conn") to the same path as another team's team-scoped secret when the caller had no team context. A...

EPSS 0.0003
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/19 12:0 a.m. | 6 views

PT-2026-42004

Name of the Vulnerable Software and Affected Versions: apache-airflow-providers-amazon versions prior to 9.28.0. Description: In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / (for example, "my team/conn") to the same pat...

CVSS 5.3 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 6
OSV
added 2026/05/13 12:0 a.m. | 2 views

OPENSUSE-SU-2026:10765-1 amazon-ssm-agent-3.3.4268.0-2.1 on GA media

These are all security issues fixed in the amazon-ssm-agent-3.3.4268.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.4 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 1
Chainguard
added 2026/05/06 7:17 p.m. | 8 views

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: amazon-ssm-agent-fips, nuclei, pulumi, k9s, kubescape-server-fips, redpanda-console, kots, melange, cerbos-fips, grype-fips, flux-image-automation-controller, steampipe, pulumi-language-dotnet, argo-events, gitlab-runner, chainloop-cli, grafana-fips, terragrunt-fips,...

CVSS 7.4 | AI score 5.8 | EPSS 0.00075
Exploits: 0
vulnersOsv
added 2026/05/05 6:46 p.m. | 9 views

tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2026-6966 via tough (>=0.10.0 <=0.1.0)

tough CARGO version =0.10.0, =0.2.0, =0.5.0, =0.1.0, =0.9.0 Source cves: CVE-2026-6966 Source advisory: OSV:GHSA-8M7C-8M39-RV4X...

CVSS 7 | AI score 5.8 | EPSS 0.0002
Exploits: 0
Chainguard
added 2026/04/11 2:18 a.m. | 8 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: amazon-ssm-agent-fips, commercial-grafana, pulumi, tkn-fips, falcoctl, rclone, localstack, libnvidia-container, crane-fips, argo-cd-fips, dive, image-factory-fips, rancher-helm, tekton-chains-fips, nemo, caddy, calico, neuvector-scanner, fscrypt, gh, kubevela-fips,...

CVSS 5.5 | AI score 5.8 | EPSS 0.00004
Exploits: 0
Chainguard
added 2026/04/11 2:18 a.m. | 5 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: amazon-ssm-agent-fips, commercial-grafana, pulumi, tkn-fips, falcoctl, rclone, localstack, libnvidia-container, crane-fips, argo-cd-fips, dive, image-factory-fips, rancher-helm, tekton-chains-fips, nemo, caddy, calico, neuvector-scanner, fscrypt, gh, kubevela-fips,...

AI score 5.8
Exploits: 0