521076 matches found
CVE-2026-50639
Metric injection vulnerability in Metrics::Any::Adapter::SignalFx for Perl: versions before 0.04 do not protect against metric injections. The issue spans the StatsD protocol and its extensions (dogstatsd); per-packet metrics can include multiple metrics separated by newlines. The _labels functio...
CVE-2026-50638 Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
CVE-2026-50638
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
CVE-2026-50638 Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
EUVD-2026-36105
Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol and extensions such as dogstatsd allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends...
CVE-2026-50638
CVE-2026-50638 affects Metrics::Any::Adapter::DogStatsd (Perl) versions before 0.04. The issue arises because the DogStatsd adapter does not validate newline or statsd control characters in tags, enabling potential metric injections when multiple metrics are sent per UDP/TCP packet. The vulnerabi...
CVE-2026-50566
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can run privileged / allowPrivilegeEscalation / dangerous-capability...
CVE-2026-50568
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...
CVE-2026-50570
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing Environment and Function CRDs ValidatePodSpecSafety /...
CVE-2026-49823
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by...
CVE-2026-49824
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...
CVE-2026-46614
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object,...
CVE-2026-46617
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were created with ServiceAccountName: fission-fetcher, and the fission-fetcher ServiceAccount was granted...
CVE-2026-45062
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...
kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets
A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...
kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()
A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...
CVE-2026-45062
CVE-2026-45062 affects FrankenPHP (versions 1.11.2–1.12.2). The vulnerability arises in the CGI path splitting logic (splitPos in cgi.go), where fallback matching uses golang.org/x/text/search with ignore-case, and engages when the request path contains non-ASCII bytes. Two flaws enable an attack...
EUVD-2026-36075
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...
CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...
CVE-2026-45062 FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of Non-PHP Files
FrankenPHP is a modern application server for PHP. From version 1.11.2 to before version 1.12.3, the splitPos function in cgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead...