29 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.6 security update
Important: Red Hat OpenShift GitOps v1.18.6 security update. An update is now available for Red Hat OpenShift GitOps...
BIT-HUBBLE-RELAY-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
BIT-CILIUM-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
CVE-2026-26963
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
CVE-2026-26963
CVE-2026-26963 affects Cilium: vulnerable in versions 1.18.0–1.18.5 where traffic from Pods on other nodes can bypass isolation when Native Routing, WireGuard and Node Encryption are enabled. Root cause is the eBPF datapath handling allowing cross-node traffic leakage under those configurations. ...
Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Impact: Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing; WireGuard; Node Encryption (beta). These options are disabled by default in Cilium. Patches: This issue was fixed by 42892. This issue affects: Cilium v1.1...
PT-2026-20966
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.18.0 through 1.18.5. Description: Cilium, a networking, observability, and security solution utilizing an eBPF-based dataplane, is affected by an issue where traffic from Pods on other nodes may be incorrectly permitted. This...
EUVD-2020-0357
Malware in sbrugna...
CVE-2025-59570
CVE-2025-59570 describes an SQL injection in Mail Mint (WordPress Mail Mint plugin) due to improper neutralization of special elements in SQL commands. Affected: Mail Mint versions up to 1.18.6. CVSSv3.1 base score 7.6 (HIGH); attack vector: NETWORK; privileges required: HIGH; user interaction: N...
CVE-2025-59570 WordPress Mail Mint Plugin <= 1.18.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint allows SQL Injection. This issue affects Mail Mint: from n/a through 1.18.6...
CVE-2025-59570 WordPress Mail Mint Plugin <= 1.18.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection. This issue affects Mail Mint: from n/a through <= 1.18.6...
Copyparty 1.18.6 Cross Site Scripting
Copyparty versions 1.18.6 and below suffer from a cross site scripting vulnerability...
CVE-2025-54589
Copyparty ≤1.18.6 is vulnerable to reflected XSS via the filter parameter on the /?ru endpoint. The input is echoed into a script block without proper escaping, enabling arbitrary JavaScript execution in victim browsers for both authenticated and unauthenticated users. The issue is fixed in versi...
CVE-2025-54589 copyparty Reflected XSS via Filter Parameter
Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter parameter to the URL, which reflects its value directly into a <script> block without proper escaping...
Copyparty security vulnerability
Copyparty is a portable file server by individual developer ed. A security vulnerability exists in Copyparty 1.18.6 and earlier versions: they are vulnerable to a reflected cross-site scripting attack that could lead to the execution of arbitrary JavaScript code...
CVE-2020-5301
SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module, which processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...
CVE-2023-43187
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...
CVE-2021-26505
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6 allows remote attackers to execute arbitrary code via the hello.utils.extend function...
Amazon Linux AMI : golang (ALAS-2023-1760)
The version of golang installed on the remote host is prior to 1.18.6-1.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1760 advisory. html/template: improper sanitization of CSS values. Angle brackets were not considered dangerous characters when inserted...