20 matches found
PT-2026-40276
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...
Nokogiri CSS selector tokenizer has regular expression backtracking
Summary: Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...
EUVD-2026-20344
Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NitroPack: from n/a through <= 1.19.3...
CVE-2026-39669
Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NitroPack: from n/a through 1.19.3...
CVE-2026-39669
CVE-2026-39669 affects the WordPress NitroPack plugin (NitroPack nitropack) up to version 1.19.3, where a Missing Authorization vulnerability arises from an incorrectly configured access control security level. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVE list) as a broken...
CVE-2026-39669 WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NitroPack: from n/a through 1.19.3...
WordPress plugin NitroPack security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
SUSE CVE-2026-25518
cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...
CVE-2024-45803 Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui
Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the /wireui/button endpoint, specifically through the label query parameter. Malicious actors could exploit this...
PT-2024-31783 · Wire Ui · Wire Ui
Name of the Vulnerable Software and Affected Versions: Wire UI versions prior to 1.19.3 Wire UI versions prior to 2.1.3 Description: A potential Cross-Site Scripting (XSS) vulnerability has been identified in the "/wireui/button" endpoint, specifically through the label query parameter. Malicious...
Unbound DNS Resolver <= 1.19.3 Multiple Vulnerabilities (DNSBomb)
Unbound DNS Resolver is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nlnetlabs:unbound"; if...
SUSE: Security Advisory (SUSE-SU-2022:4054-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
npm jquery-validation security vulnerability
npm jquery-validation is a form insertion validation application provided by npm, Inc. npm jquery-validation version 1.19.3 contains a denial of service vulnerability, which stems from the fact that an attacker who is able to provide arbitrary input to the url2 method can trigger a denial of...
GeoWebCache code issue vulnerability
GeoWebCache is a Java Web application used to cache map slices from various sources, such as the OGC Web Map Service (WMS). A code issue vulnerability exists in GeoWebCache that stems from a disk quota mechanism that can perform unchecked JNDI lookups, which in turn can be used to perform class...
Security fix for the ALT Linux 10 package krb5 version 1.19.3-alt1
1.19.3-alt1 built March 18, 2022 Ivan A. Melnikov in task 296676 --- March 15, 2022 Ivan A. Melnikov - 1.19.3 Fixes: CVE-2021-37750...
UBUNTU-CVE-2021-21252
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...
DEBIAN-CVE-2020-8564
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13...
PT-2020-20210 · Linux Foundation +2 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.19.3 Kubernetes versions prior to 1.18.10 Kubernetes versions prior to 1.17.13 Description: The issue arises when a Kubernetes cluster uses a logging level of at least 4 and encounters a malformed docker config...
X.Org Server Information Disclosure Vulnerability
X.Org X Server is an X Window System display server from the X.Org Foundation. A security vulnerability exists in the uninitialized data of the endianness conversion of the Xevent handler in versions of X.Org X Server prior to 1.19.3. An attacker could exploit this vulnerability to gain...
X.Org Server Denial of Service Vulnerability
X.Org X Server is an X Window System display server from the X.Org Foundation. A security vulnerability exists in X.Org X Server versions prior to 1.19.3. An attacker could exploit this vulnerability to cause an X Session crash or execute code in the X Server context...