CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

SUSE CVE-2026-32685

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml are incorporated into filesystem paths without sufficient validation or...

CLEANSTART-2026-GN78570 Security fixes for CVE-2025-11579, CVE-2026-1229, CVE-2026-21726, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32282, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-jhf3-xxhw-2wpp, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-x6gf-mpr2-68h6, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.12.1-r2, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2, 1.16.0-r0

Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

SUSE CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

DEBIAN-CVE-2026-35406

Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1...

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

CVE-2026-4789

Kyverno (versions 1.16.0 to present) contains a server-side request forgery (SSRF) in its CEL-based HTTP functions (Get and Post). The http.go library does not validate or scope URLs, allowing an attacker with namespace-level permissions to craft a malicious namespaced policy that issues arbitrar...

CVE-2026-4789 CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

PT-2026-29129

Name of the Vulnerable Software and Affected Versions Kyverno versions 1.16.0 and later Description Kyverno is susceptible to Server-Side Request Forgery SSRF because of unrestricted Common Expression Language CEL HTTP functions. Recommendations Update to a newer version that contains a fix for...

postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-linux-x64 (>=1.16.0-canary.1 <=1.24.2)

@postman/pm-bin-linux-x64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190903...

CVE-2025-54875

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...

SUSE CVE-2025-32793

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...

WordPress plugin ACF City Selector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Bundler 安全漏洞

Bundler is a software application. It provides a consistent environment for Ruby projects by tracking and installing the exact gem and version required. A security vulnerability exists in Bundler versions 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16, which stems from the fact that dependency...