EUVD-2026-8885
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...
CVE-2026-22207
OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the rootapikey configuration is omitted. Attackers can send requests to protected endpoints without authentication headers ...
CVE-2026-22207
OpenViking up to version 0.1.18 (pre-commit 0251c70) contains a broken access control flaw that lets unauthenticated attackers gain ROOT privileges when root_api_key is omitted. Attackers can reach protected endpoints without authentication headers to perform administrative actions including acco...
EUVD-2026-8829
Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-lambda, kyverno-notation-aws, crossplane-provider-aws-rds, hydra, osv-scanner, flux-source-controller, q, crossplane-provider-family-azure, crossplane-provider-aws-firehose, grafana, kyverno, gitsign, rclone, apko, gomplate,...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-lambda, kyverno-notation-aws, crossplane-provider-aws-rds, hydra, osv-scanner, flux-source-controller, q, crossplane-provider-family-azure, crossplane-provider-aws-firehose, grafana, kyverno, gitsign, rclone, apko, gomplate,...
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
Impact: Users were able to obtain add-on configuration via API. Patches: https://github.com/WeblateOrg/weblate/pull/18107 https://github.com/WeblateOrg/weblate/pull/18164 References: Weblate thanks @lighthousekeeper1212 for responsible disclosure...
GHSA-Q9HV-HPM4-HJ6X vulnerabilities
Vulnerabilities for packages: xeol, crossplane-provider-aws-dynamodb, argo-rollouts, crossplane-provider-aws-s3, witness, cerbos, cert-manager-cmctl, cert-manager-cmctl-fips, databricks-cli-fips, packer-fips, openbao, cluster-api-fips, amazon-ssm-agent-fips, crossplane-provider-aws-rds-fips,...
CVE-2026-1229 vulnerabilities
Vulnerabilities for packages: xeol, crossplane-provider-aws-dynamodb, argo-rollouts, crossplane-provider-aws-s3, witness, cerbos, cert-manager-cmctl, cert-manager-cmctl-fips, databricks-cli-fips, packer-fips, openbao, cluster-api-fips, amazon-ssm-agent-fips, crossplane-provider-aws-rds-fips,...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Command Center
Summary: Multiple vulnerabilities were addressed in IBM Cognos Command Center 10.2.5 FP1 IF3. Vulnerability Details: CVEID: CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability that allows a remote attacker to cause a hang or...
Server-side Request Forgery (SSRF)
Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...
EUVD-2026-8775
Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API...
GHSA-49XW-VFC4-7P43 Fleet has an SQL Injection vulnerability via backtick escape in ORDER BY parameter
Summary: A SQL Injection vulnerability in Fleet’s software versions API allowed authenticated users to inject arbitrary SQL expressions via the orderkey query parameter. Due to unsafe use of goqu.I when constructing the ORDER BY clause, specially crafted input could escape identifier quoting and b...
Important: Red Hat Security Advisory: Red Hat OpenShift API for Data Protection
A new version of OpenShift API for Data Protection OADP is now available. OpenShift API for Data Protection OADP enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and...
CVE-2025-0976
Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before 11.0.4-00; Hitachi Configuration Manager: from 8.6.1-00 before 11.0.5-00...
CVE-2026-1916
The WPGSI: Spreadsheet Integration plugin for WordPress is vulnerable to unauthorized modification and loss of data due to missing capability checks and an insecure authentication mechanism on the wpgsicallBackFuncAccept and wpgsicallBackFuncUpdate REST API functions in all versions up to, and...