34 matches found
CLEANSTART-2026-UW03847 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-35469, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 1.34.2-r0, 1.35.0-r0, 1.35.3-r0, 1.35.3-r1, 1.35.3-r2
Multiple security vulnerabilities affect the kubernetes package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-CZ42417 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.35.0-r0
Multiple security vulnerabilities affect the kubernetes-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RD43272 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 1.35.0-r0
Multiple security vulnerabilities affect the kubernetes-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-RZ88142 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501 applied in versions: 1.35.0-r0, 1.35.4-r0
Multiple security vulnerabilities affect the kubernetes-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the cani callback, which issues SubjectAccessReview requests without enforcing context-aware allow-lists. An attacker can obtain information about RBAC permissions of any user or service account across the...
OpenSource-WorkShop Connect-CMS cross-site scripting vulnerability
OpenSource-WorkShop Connect-CMS is a content management system developed by the OpenSource-WorkShop company, designed for easy website creation. Versions 1.35.0 to 1.41.0 and 2.35.0 to 2.41.0 of OpenSource-WorkShop Connect-CMS contain cross-site scripting vulnerabilities. These vulnerabilities st...
CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
CVE-2026-27801 Vaultwarden: 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement
Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protected actions. An attacker who gains authenticated access to a user’s account can exploit this bypass ...
AZL-77606 CVE-2026-26158 affecting package busybox for versions less than 1.35.0-17
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
CVE-2022-4904 affecting package grpc 1.35.0-9
CVE-2022-4904 affecting package grpc 1.35.0-9. No patch is available currently...
CVE-2024-48909
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...
CVE-2024-48909 SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled LookupResources2 and have caveats in the evaluation path for their requests can return a permissionship of...
PT-2024-33261 · Spicedb +1 · Spicedb +1
Name of the Vulnerable Software and Affected Versions: SpiceDB versions 1.35.0 through 1.37.0 Description: SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Clients that have enabled LookupResources2 and have caveats in the evaluation path for...
CVE-2023-42363 affecting package busybox for versions less than 1.35.0-11
CVE-2023-42363 affecting package busybox for versions less than 1.35.0-11. A patched version of the package is available...
WordPress plugin YITH WooCommerce Tab Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-26646 · Yith · Yith Woocommerce Tab Manager
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Tab Manager versions 1.35.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin YITH WooCommerce Tab Manager versions <= 1.35.0...
CVE-2024-3371 Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.42.0...
Insufficient validation of external input in Compass may enable MITM attacks
MongoDB Compass may accept and use insufficiently validated input from an untrusted external source. This may cause unintended application behavior, including data disclosure and enabling attackers to impersonate users. This issue affects MongoDB Compass versions 1.35.0 to 1.40.5...