314 matches found
EUVD-2026-42987
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
CVE-2026-13323
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...
EUVD-2026-40945
In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...
CVE-2026-13323
Vulnerability CVE-2026-13323 affects Open VSX Registry before 1.0.2. The /vscode/unpkg/ endpoint serves user-supplied HTML without CSP or Content-Disposition headers, enabling a publisher to upload a crafted VSIX and lure authenticated users to visit the URL. This inline rendering in the open-vsx...
PT-2026-54628
Name of the Vulnerable Software and Affected Versions Open VSX Registry versions prior to 1.0.2 Description The '/vscode/unpkg/' endpoint serves user-supplied HTML files with a text/html Content-Type and lacks a Content-Security-Policy or Content-Disposition: attachment response header. This allo...
GHSA-VJHC-CF4P-72Q4 Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration
Summary Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched Package.metadata.namespace. Details An attacker with packages.fission.io/create in their own namespace could set spec.environment.namespace to any other tenant's...
PYSEC-2026-366 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...
Cross-site Scripting (XSS)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS via the useragent field in the participant logging process. An attacker can execute arbitrary JavaScript in the browser of a privileged us...
CVE-2026-54304
Summary: CVE-2026-54304 affects n8n where the SecurityScorecard node could exfiltrate the API token to a user-controlled URL if an attacker-controlled report download target is configured. Affected versions: n8n prior to 1.123.55, 2.25.7, and 2.26.1. Root cause: Authenticated user with workflow p...
CVE-2026-54304
n8n is an open source workflow automation platform. Prior to 1.123.55, 2.25.7, and 2.26.1, an authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download...
Malicious code in date-format-helper2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 66c1775ce65ad47476ee1a0f1c7c5373e61466ec3eb4543cc658e67d2de22960 Package is advertised as a React date-formatting utility, but its postinstall.js performs targeted credential harvesting on npm install. The script...
CVE-2026-10609
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
EUVD-2026-38448
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
CVE-2026-10609 Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
CVE-2026-12726
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...
CVE-2026-12726
A flaw was found in the AWX GitHub webhook integration. When processing GitHub pullrequest webhooks, the controller stores the pullrequest.statusesurl value from the webhook payload without validating that it points to a trusted GitHub API endpoint. If a job template is configured with a GitHub...
PT-2026-51010
Name of the Vulnerable Software and Affected Versions AWX affected versions not specified Description A flaw exists in the GitHub webhook integration where the controller stores the pull request.statuses url value from a pull request webhook payload without validating if it points to a trusted...
GHSA-FCW5-X6J4-CCMP Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...