GHSA-2CW7-V8FF-P88R vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
GHSA-FM7P-MPRW-WJM9 vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
GHSA-VWM4-62GF-X745 vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
CVE-2026-54901 vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
CVE-2026-54896 vulnerabilities
Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby3.4-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset...
CVE-2026-52782
OpenProject versions prior to 17.3.3 and 17.4.1 are affected by an IDOR in /projects//settings/project_storages/ via PATCH parameter storages_project_storage[project_folder_id], allowing a project-admin to hijack another project’s managed Nextcloud/OneDrive folder on the same storage. The vulnera...
CVE-2026-52784
CVE-2026-52784 (OpenProject) is a CSRF vulnerability in OpenProject’s web UI. The issue allows CSRF on a user-targeted action via POST to /users/:id with the parameter user[admin], enabling unauthorized state changes without user interaction. Affected software versions are prior to 17.3.3 and 17....
CVE-2026-48743
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, Envoy can translate a downstream HTTP/3 request that is complete at the transport layer HEADERS with FIN / headers-only close but still carries a nonzero...
EUVD-2026-39823
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...
CVE-2026-47221 Envoy: Null pointer deref in internal redirects
Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.18.0 until 1.35.13, 1.36.9, 1.37.5, and 1.38.3, the router filter contains a null pointer dereference vulnerability when handling HTTP 303 See Other internal redirects for body-less non-GET/HEAD requests...
CVE-2026-48743
Envoy (open source edge/service proxy) contains an HTTP/3 to HTTP/1 request smuggling vulnerability prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A downstream HTTP/3 request that is complete at the transport layer with a nonzero Content-Length can be mistranslated into a complete upstream...
CVE-2026-55686
Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...
EUVD-2025-210358
Contributor Local File Inclusion in Splash - Sport Club WordPress Theme for Basketball, Football, Hockey = 4.4.3 versions...
EUVD-2026-39772
A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 JP2 file...
EUVD-2025-210353
Contributor Broken Access Control in Live Copy Paste for Elementor = 1.5.3 versions...
CVE-2026-57649
Subscriber Broken Access Control in Shoppable Images Lite = 1.3 versions...
CVE-2026-56047
Unauthenticated Cross Site Scripting XSS in perfmatters = 2.6.3 versions...
CVE-2026-56032
Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...
CVE-2026-54847
Unauthenticated Broken Access Control in Stylish Cost Calculator = 8.3.9 versions...
CVE-2026-54834
Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone = 2.3.2 versions...