13 matches found

OSV
added 2026/04/24 8:40 p.m. · 5 views

GHSA-FPJQ-C37H-CQCV Kyverno Controller Denial of Service via forEach Mutation Panic

Summary: An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

CVSS 7.7 · AI score 5.9 · EPSS 0.00051
Exploits: 1 · References: 5
Github Security Blog
added 2026/04/24 8:40 p.m. · 5 views

Kyverno Controller Denial of Service via forEach Mutation Panic

Summary: An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

CVSS 7.7 · AI score 5.5 · EPSS 0.00051
Exploits: 1 · References: 5 · Affected Software: 1
CVE
added 2026/02/10 3:2 a.m. · 6 views

CVE-2026-2260

CVE-2026-2260 affects D-Link DCS-931L firmware up to 1.13.0. The flaw resides in an unspecified aspect of /goform/setSysAdmin where manipulating AdminID triggers an OS command injection. It is remotely exploitable and the exploit is public, implying remote code execution with high impact in confi...

CVSS 8.6 · AI score 5.4 · EPSS 0.00097
Exploits: 1 · References: 6 · Affected Software: 1
vulnersOsv
added 2025/05/28 8:41 a.m. · 5 views

org.apache.inlong:manager-client (>=1.1.0-incubating <=2.1.0), org.apache.inlong:manager-client-examples (>=1.1.0-incubating <=2.1.0) +3 more potentially affected by CVE-2025-27528 via org.apache.inlong:manager-common (>=1.13.0 <=2.1.0)

org.apache.inlong:manager-common MAVEN version =1.13.0, =1.1.0-incubating, =1.1.0-incubating, =1.1.0-incubating, =1.3.0, =1.13.0, =2.1.0 Source cves: CVE-2025-27528 Source advisory: SNYK:JAVA-ORGAPACHEINLONG-10255362...

CVSS 9.1 · AI score 5.8 · EPSS 0.00358
Exploits: 0
ATTACKERKB
added 2025/05/28 8:15 a.m. · 1 views

CVE-2025-27522

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability is a secondary mining bypass for CVE-2024-26579. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it. 1...

CVSS 9.8 · AI score 5.9 · EPSS 0.00541
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2025/05/28 8:15 a.m. · 3 views

CVE-2025-27528

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability allows attackers to bypass the security mechanisms of InLong JDBC and leads to arbitrary file reading. Users are advised to upgrade to Apache InLong's...

CVSS 9.1 · AI score 5.8 · EPSS 0.00358
Exploits: 0 · References: 3
OSV
added 2025/05/28 8:15 a.m. · 4 views

CVE-2025-27526

Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.13.0 through 2.1.0. This vulnerability which can lead to JDBC Vulnerability URLEncode and backspace bypass. Users are advised to upgrade to Apache InLong's 2.2.0 or cherry-pick 1 to solve it...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 6:6 a.m. · 2 views

SUSE CVE-2008-5249

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 6 · EPSS 0.00442
Exploits: 0 · References: 4
CNNVD
added 2022/12/19 12:0 a.m. · 4 views

cortex security vulnerability

cortex is a software application. It provides horizontally scalable, high-availability, multi-tenant long-term storage. A security vulnerability exists in cortex versions 1.13.0, 1.13.1, and 1.14.0. An attacker exploits the vulnerability to remotely read local files by parsing a maliciously...

CVSS 6.5 · AI score 6.5 · EPSS 0.00578
Exploits: 0 · References: 5
OSV
added 2022/11/16 12:15 a.m. · 20 views

CVE-2022-3920

HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0...

CVSS 7.5 · AI score 7.4
Exploits: 0 · References: 1
Positive Technologies
added 2022/01/22 12:0 a.m. · 3 views

PT-2022-6345 · Casdoor · Casdoor

Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 1.13.1. Description: The query API in Casdoor has a SQL injection issue related to the field and value parameters. This is demonstrated by the "api/get-organizations" endpoint. The vulnerability may allow a remote...

CVSS 7.8 · AI score 7.8 · EPSS 0.59993
Exploits: 9 · References: 21
Positive Technologies
added 2021/07/22 12:0 a.m. · 2 views

PT-2021-7728 · Hdf5 +3 · Hdf5 +3

Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.12.0 through 1.13.0. Description: The issue is related to a buffer overflow in the h5tools_str_sprint function, located in /hdf5/tools/lib/h5tools_str.c, which can cause a denial of service. This can be exploited by a remote...

CVSS 9.8 · AI score 6.9 · EPSS 0.01323
Exploits: 8 · References: 112
vulnersOsv
added 2018/10/17 5:23 p.m. · 3 views

am.ik.home:uaa-client (>=1.3.0 <=1.8.1), am.ik.home:uaa-integration-test (>=1.3.0 <=1.8.1) +229 more potentially affected by CVE-2018-1273 via org.springframework.data:spring-data-commons (>=1.13.0.RELEASE <=1.13.10.RELEASE)

org.springframework.data:spring-data-commons MAVEN version =1.13.0.RELEASE, =1.3.0, =1.3.0, =1.3.0, =0.0.1, =0.2.0, =1.0.6, =6.2.0.6, =6.2.0.5, =6.2.0.4, =6.2.0.4, =6.2.0.5, =1.2.0, =1.2.0, =1.6.6 and more Source cves: CVE-2018-1273 Source advisory: OSV:GHSA-4FQ3-MR56-CG6R...

CVSS 9.8 · AI score 7.2 · EPSS 0.94288
Exploits: 9