3387 matches found
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: rook, kubevela, kubeflow-pipelines, cloud-provider-azure, flux, flyte, helm-push, secrets-store-csi-driver, kubernetes-csi-external-provisioner, redpanda, container-object-storage-interface, crossplane-provider-aws-dynamodb, aactl,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: rook, kubevela, kubeflow-pipelines, cloud-provider-azure, flux, flyte, helm-push, secrets-store-csi-driver, kubernetes-csi-external-provisioner, redpanda, container-object-storage-interface, crossplane-provider-aws-dynamodb, aactl,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: envconsul, rook, kubevela, kubeflow-pipelines, terraform-provider-acme, kubeflow, cloud-provider-azure, flux, flyte, controller-gen, helm-push, nri-haproxy, secrets-store-csi-driver, kubernetes-csi-external-provisioner, pgpool2exporter, redpanda, act,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: envconsul, rook, kubevela, kubeflow-pipelines, terraform-provider-acme, kubeflow, cloud-provider-azure, flux, flyte, controller-gen, helm-push, nri-haproxy, secrets-store-csi-driver, kubernetes-csi-external-provisioner, pgpool2exporter, redpanda, act,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: envconsul, mongo-tools, rook, kubevela, kubeflow-pipelines, terraform-provider-acme, kubeflow, cloud-provider-azure, flux, flyte, controller-gen, helm-push, nri-haproxy, secrets-store-csi-driver, kubernetes-csi-external-provisioner, pgpool2exporter, redpanda, act,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: envconsul, mongo-tools, rook, kubevela, kubeflow-pipelines, terraform-provider-acme, kubeflow, cloud-provider-azure, flux, flyte, controller-gen, helm-push, nri-haproxy, secrets-store-csi-driver, kubernetes-csi-external-provisioner, pgpool2exporter, redpanda, act,...
CVE-2026-42504 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-directconnect-fips, crossplane-provider-aws-dynamodb-fips, flux, fuse-overlayfs-snapshotter, kube-bench, trino, cluster-api-helm-controller, pulumi-kubernetes-operator, knative-kafka-broker-fips, opentofu, crossplane-provider-aws-kendra,...
GHSA-H524-452V-82P9 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-directconnect-fips, crossplane-provider-aws-dynamodb-fips, flux, fuse-overlayfs-snapshotter, kube-bench, trino, cluster-api-helm-controller, pulumi-kubernetes-operator, knative-kafka-broker-fips, opentofu, crossplane-provider-aws-kendra,...
GHSA-4279-Q6MJ-392R vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-directconnect-fips, crossplane-provider-aws-dynamodb-fips, flux, azcopy, fuse-overlayfs-snapshotter, kube-bench, chainloop-control-plane, amazon-vpc-cni-plugins-fips, trino, cluster-api-helm-controller, milvus, pulumi-kubernetes-operator,...
CVE-2026-42507 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-directconnect-fips, crossplane-provider-aws-dynamodb-fips, flux, azcopy, fuse-overlayfs-snapshotter, kube-bench, chainloop-control-plane, amazon-vpc-cni-plugins-fips, trino, cluster-api-helm-controller, milvus, pulumi-kubernetes-operator,...
CVE-2026-27145 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-directconnect-fips, crossplane-provider-aws-dynamodb-fips, flux, azcopy, fuse-overlayfs-snapshotter, kube-bench, chainloop-control-plane, amazon-vpc-cni-plugins-fips, trino, cluster-api-helm-controller, milvus, pulumi-kubernetes-operator,...
GHSA-H3GM-Q7M7-MP28 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-directconnect-fips, crossplane-provider-aws-dynamodb-fips, flux, azcopy, fuse-overlayfs-snapshotter, kube-bench, chainloop-control-plane, amazon-vpc-cni-plugins-fips, trino, cluster-api-helm-controller, milvus, pulumi-kubernetes-operator,...
PT-2026-46853
Summary: plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...
CVE-2026-10273
A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...
CVE-2026-10617
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
EUVD-2026-34009
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...
CVE-2026-10617
The CVE-2026-10617 entry describes a vulnerability in nextlevelbuilder GoClaw up to version 3.11.3, affecting the resolveAuth function in internal/http/auth.go of the Webhook Verification Handler. The issue results from a manipulation that leads to missing authentication, enabling remote exploita...