GHSA-C73Q-8XXR-RGQM Tilt: Missing authentication on the network-exposed Tilt HUD server
Summary: The Tilt HUD HTTP server exposes state-changing and sensitive-read endpoints with no authentication. When the HUD is bound to a non-loopback address, a network attacker can trigger the developer's pre-defined Tiltfile resources, tamper with Tiltfile arguments, read full engine state...
PT-2026-50980
Name of the Vulnerable Software and Affected Versions: Tilt versions 0.20.8 through 0.37.3. Description: The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...
PT-2026-50978
Name of the Vulnerable Software and Affected Versions: Tilt versions 0.19.5 through 0.37.3. Description: The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...
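Both Tilt advisories above describe the same shape of bug: a developer-facing HTTP server that is safe only as long as it stays on loopback, with no second line of defence once someone binds it to 0.0.0.0. The following is an added example, not Tilt's code, showing the two controls a practitioner would want in such a server: a bearer-token check in front of every state-changing and state-reading route, and pprof on a separate mux that is refused anything but a loopback bind. The routes, payloads, token and port numbers are assumptions for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/pprof" // importing this also registers on http.DefaultServeMux: never serve that mux
	"strings"
)

// requireToken is a minimal bearer-token gate. Assumed design, not Tilt's: the
// token is generated at startup and printed for the developer to paste.
func requireToken(token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")
		if got == "" || subtle.ConstantTimeCompare([]byte(got), []byte(token)) != 1 {
			w.Header().Set("WWW-Authenticate", `Bearer realm="hud"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewHUDMux is the user-facing server: state reads and resource triggers both
// sit behind the token check, and no pprof handler is mounted here at all.
// Routes and payloads are constructed for the example.
func NewHUDMux(token string) http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/state", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, `{"resources":["frontend","backend"]}`)
	})
	mux.HandleFunc("/api/trigger", func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		fmt.Fprintln(w, "triggered", r.URL.Query().Get("name"))
	})
	return requireToken(token, mux)
}

// NewDebugMux holds pprof on its own mux so it can be bound separately, and
// only ever to loopback.
func NewDebugMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/debug/pprof/", pprof.Index)
	mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline)
	mux.HandleFunc("/debug/pprof/profile", pprof.Profile)
	mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol)
	mux.HandleFunc("/debug/pprof/trace", pprof.Trace)
	return mux
}

// IsLoopbackBind reports whether a host:port listen address stays on-host.
// ":10350" and "0.0.0.0:10350" mean every interface and are rejected.
func IsLoopbackBind(addr string) bool {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return false
	}
	if host == "localhost" {
		return true
	}
	ip := net.ParseIP(host)
	return ip != nil && ip.IsLoopback()
}

func main() {
	const hudAddr, debugAddr, token = "127.0.0.1:10350", "127.0.0.1:10351", "dev-token-example"
	if !IsLoopbackBind(debugAddr) {
		log.Fatalf("refusing to expose pprof beyond loopback: %s", debugAddr)
	}
	go func() { log.Fatal(http.ListenAndServe(debugAddr, NewDebugMux())) }()
	fmt.Printf("HUD on http://%s (Authorization: Bearer %s), pprof on %s\n", hudAddr, token, debugAddr)
	log.Fatal(http.ListenAndServe(hudAddr, NewHUDMux(token)))
}
```

The point of the split mux is that a `--host 0.0.0.0` style flag can only ever widen the HUD listener; the pprof listener has no flag and fails closed. Note the import comment: `net/http/pprof` registers its handlers on `http.DefaultServeMux` as a side effect, so any code path that serves the default mux (including `http.ListenAndServe(addr, nil)`) silently re-exposes `/debug/pprof/`.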
Important: Red Hat Security Advisory: OpenShift Container Platform 4.15.65 security and extras update
Red Hat OpenShift Container Platform release 4.15.65 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.15. Red Hat Product Security has rated this update as having a security impact of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.42 security and extras update
Red Hat OpenShift Container Platform release 4.18.42 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...
CVE-2026-42198 vulnerabilities
Vulnerabilities for packages: hono, flyway-fips, kayenta-fips, camunda, druid, camunda-zeebe, keycloak, geoserver, flyway, ghidra, guacamole-client, apicurio-registry, sonarqube, kayenta, seata, apache-hop, thingsboard, nuxeo, dependency-track-apiserver, nacos-docker, nacos, debezium,...
RHCOS 4 : OpenShift Container Platform 4.2.29 openshift (RHSA-2020:1527)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1527 advisory. - kubernetes: Use of unbounded 'client' label in apiserver_request_total allows for memory exhaustion (CVE-2020-8552). Note that Nessus has not...
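The mechanism behind CVE-2020-8552 is label cardinality: a metric label whose value is copied from a caller-controlled header allocates one new time series per distinct value, and series are never freed. The following added example (not Kubernetes code) models that with a small in-memory counter and contrasts the unbounded labelling with a bounded one that collapses the User-Agent to a fixed set; the allowlist of client names and the "Browser"/"other" buckets are assumptions for the example, not the cleanup Kubernetes ships.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
)

// RequestCounter stands in for a labelled Prometheus counter such as
// apiserver_request_total: one series per distinct label value, retained for
// the life of the process and re-serialised on every /metrics scrape.
type RequestCounter struct {
	mu     sync.Mutex
	series map[string]int
}

func NewRequestCounter() *RequestCounter { return &RequestCounter{series: map[string]int{}} }

func (c *RequestCounter) Inc(client string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.series[client]++
}

// Series returns how many distinct label values are being retained.
func (c *RequestCounter) Series() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return len(c.series)
}

// RawClientLabel is the unbounded pattern: the caller's User-Agent is the label
// verbatim, so each new string costs a series that is never freed.
func RawClientLabel(userAgent string) string { return userAgent }

// knownClients is an assumed allowlist for the example, not Kubernetes' list.
var knownClients = map[string]bool{
	"kubectl": true, "kubelet": true, "kube-controller-manager": true,
	"kube-scheduler": true, "Go-http-client": true,
}

// BoundedClientLabel collapses the User-Agent to one of a small fixed set: the
// product token before the first "/" when it is known, "Browser" for anything
// Mozilla-shaped, and "other" for the rest. Attacker input cannot enlarge the set.
func BoundedClientLabel(userAgent string) string {
	if strings.HasPrefix(userAgent, "Mozilla/") {
		return "Browser"
	}
	name, _, _ := strings.Cut(userAgent, "/")
	if knownClients[name] {
		return name
	}
	return "other"
}

// CountSeries feeds every User-Agent through label and reports how many series result.
func CountSeries(label func(string) string, userAgents []string) int {
	c := NewRequestCounter()
	for _, ua := range userAgents {
		c.Inc(label(ua))
	}
	return c.Series()
}

// SyntheticUserAgents builds two legitimate agents plus n distinct strings of
// the kind a scanner or a malicious client would send. Constructed input.
func SyntheticUserAgents(n int) []string {
	uas := make([]string, 0, n+2)
	uas = append(uas, "kubectl/v1.28.2 (linux/amd64) kubernetes/89a4ea3", "Mozilla/5.0 (X11; Linux x86_64)")
	for i := 0; i < n; i++ {
		uas = append(uas, fmt.Sprintf("probe-%08d/0.1", i))
	}
	return uas
}

func main() {
	uas := SyntheticUserAgents(100000)
	fmt.Println("raw label series:    ", CountSeries(RawClientLabel, uas))
	fmt.Println("bounded label series:", CountSeries(BoundedClientLabel, uas))
}
```

The practical check is the same in any metrics library: every label must be drawn from a set whose size the server, not the client, decides. Dropping the label altogether is the other remedy, and is what to reach for when no sensible bounded mapping exists.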
CVE-2026-7784
A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. It affects unspecified processing in the file apiserver/routes/extensions.py of the Skills Endpoint component: manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. T...
PT-2026-36933
Name of the Vulnerable Software and Affected Versions: RTGS2017 NagaAgent versions prior to 5.1.1. Description: Improper processing of the file 'apiserver/routes/extensions.py' within the Skills Endpoint component allows for a remote path traversal attack. This occurs through the manipulation of the...
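The two NagaAgent entries describe the classic shape: a name taken from the request is joined onto a skills directory and used to touch disk. The following is an added example, not NagaAgent's code (which is Python; Go is used here because the rest of this page's targets are Go servers), of the check such an endpoint needs: reject any name that is absolute or climbs out of the root, and resolve symlinks before opening so a link planted inside the directory cannot point outside it. The root directory and file names are assumptions for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

var ErrTraversal = errors.New("skill name escapes the skills directory")

// escapes reports whether a filepath.Rel result points above its base.
func escapes(rel string) bool {
	return rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// SkillPath maps a user-supplied skill name to a path that must lie inside
// root. Hostile input is rejected, not silently rewritten, so the handler can
// answer 400 and log the attempt.
func SkillPath(root, name string) (string, error) {
	// filepath.IsLocal (Go 1.20+) refuses empty names, absolute paths and any
	// ".." that climbs above the current directory, before anything is joined.
	if !filepath.IsLocal(name) {
		return "", ErrTraversal
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	candidate := filepath.Join(absRoot, name) // Join cleans the result
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil || escapes(rel) {
		return "", ErrTraversal // belt and braces behind IsLocal
	}
	return candidate, nil
}

// OpenSkill resolves symlinks as well, so a link planted inside root cannot be
// used to read a file outside it; the lexical check above cannot see links.
func OpenSkill(root, name string) (*os.File, error) {
	p, err := SkillPath(root, name)
	if err != nil {
		return nil, err
	}
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return nil, err
	}
	resolved, err := filepath.EvalSymlinks(p)
	if err != nil {
		return nil, err
	}
	if rel, err := filepath.Rel(realRoot, resolved); err != nil || escapes(rel) {
		return nil, ErrTraversal
	}
	return os.Open(resolved)
}

func main() {
	// Constructed inputs; the last three are the shapes a traversal bug accepts.
	for _, name := range []string{"greet.md", "tools/search.py", "../../etc/passwd", "/etc/passwd", "tools/../../x"} {
		p, err := SkillPath("/srv/naga/skills", name)
		fmt.Printf("%-20q -> %q %v\n", name, p, err)
	}
}
```

Two things worth keeping in mind when porting this check: URL-decoding must happen before it (so `..%2F..` is seen as `../..`), and the lexical and symlink checks are both needed, because `filepath.Clean` knows nothing about the filesystem and `EvalSymlinks` cannot run on a path that does not exist yet.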
GHSA-V468-QCJX-R72W vulnerabilities
Vulnerabilities for packages: pinot, apache-nifi, dependency-track-apiserver, trino, dependency-track, opensearch, opensearch-fips, pinot-fips...
CVE-2026-40542 vulnerabilities
Vulnerabilities for packages: pinot, apache-nifi, dependency-track-apiserver, trino, dependency-track, opensearch, opensearch-fips, pinot-fips...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: trivy-operator-fips, pgpool2exporter, verticadb-operator-fips, task, crossplane-provider-aws-dynamodb-fips, crossplane-provider-aws-wafv2-fips, goose, kubernetes-csi-driver-nfs-fips, dex-k8s-authenticator, cadence, databricks-cli-fips, fscrypt, libnvidia-container,...
SUSE CVE-2025-14443
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
GO-2026-4578 openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References in github.com/openshift/openshift-apiserver
CVE-2025-11143 vulnerabilities
Vulnerabilities for packages: spark-kubernetes-operator, akhq, kafka-fips, pinot-fips, spark-kubernetes-operator-fips, wso2is, neo4j, zookeeper, strimzi-kafka-operator, spark-fips, confluent-kafka, confluent-kafka-jre-bcfips, strimzi-kafka-operator-fips, apache-hop, cloudwatch-exporter,...
GHSA-WJPW-4J6X-6RWH vulnerabilities
Vulnerabilities for packages: spark-kubernetes-operator, akhq, kafka-fips, pinot-fips, spark-kubernetes-operator-fips, wso2is, neo4j, zookeeper, strimzi-kafka-operator, spark-fips, confluent-kafka, confluent-kafka-jre-bcfips, strimzi-kafka-operator-fips, apache-hop, cloudwatch-exporter,...
Security Bulletin: IBM FoundationDB Operator Vulnerable to kube-apiserver vulnerability (CVE-2022-3172)
Summary: IBM FoundationDB Operator addressed a kube-apiserver vulnerability. Vulnerability Details: CVEID: CVE-2022-3172. DESCRIPTION: A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing...
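The aggregation layer is a reverse proxy: kube-apiserver forwards a client's request to the aggregated API server and relays whatever comes back. If what comes back is a 3xx with an attacker-chosen Location, the relaying proxy hands the client (and whatever credentials it attaches automatically) to that URL. The following added example, not Kubernetes code, shows the hardened direction with the standard library's reverse proxy: 3xx responses from the backend are never forwarded. The backend address, paths and the canned backend are assumptions for the example.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// RoundTripFunc lets a canned backend stand in for a real aggregated API server.
type RoundTripFunc func(*http.Request) (*http.Response, error)

func (f RoundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// NewAggregatorProxy forwards requests to backend but refuses to relay a
// redirect, so a compromised or malicious backend cannot bounce the caller to an
// arbitrary URL. rt may be nil, which selects http.DefaultTransport.
func NewAggregatorProxy(backend *url.URL, rt http.RoundTripper) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(backend)
	p.Transport = rt
	p.ModifyResponse = func(resp *http.Response) error {
		// ModifyResponse runs before any header is copied to the client, so
		// returning an error here keeps Location out of the client's response.
		if resp.StatusCode >= 300 && resp.StatusCode < 400 {
			return fmt.Errorf("backend %s answered %d with Location %q; redirects are not forwarded",
				backend.Host, resp.StatusCode, resp.Header.Get("Location"))
		}
		return nil
	}
	p.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
		// The proxy has already closed the backend body; none of it reaches the client.
		http.Error(w, "bad gateway: "+err.Error(), http.StatusBadGateway)
	}
	return p
}

// FakeBackend is a constructed stand-in: one path redirects off-cluster, the rest answer JSON.
func FakeBackend(req *http.Request) (*http.Response, error) {
	h := http.Header{"Content-Type": {"application/json"}}
	body := `{"kind":"APIResourceList"}`
	status := http.StatusOK
	if strings.HasSuffix(req.URL.Path, "/nodes") {
		status = http.StatusFound
		h.Set("Location", "https://attacker.example/collect")
		body = ""
	}
	return &http.Response{StatusCode: status, Header: h, Body: io.NopCloser(strings.NewReader(body)), Request: req}, nil
}

func main() {
	backend, _ := url.Parse("https://metrics-server.kube-system.svc:443")
	proxy := NewAggregatorProxy(backend, RoundTripFunc(FakeBackend))
	for _, path := range []string{"/apis/metrics.k8s.io/v1beta1", "/apis/metrics.k8s.io/v1beta1/nodes"} {
		rec := httptest.NewRecorder()
		proxy.ServeHTTP(rec, httptest.NewRequest("GET", path, nil))
		fmt.Printf("%-40s -> %d Location=%q\n", path, rec.Code, rec.Header().Get("Location"))
	}
}
```

Note that `Transport.RoundTrip` never follows redirects itself, so the proxy was never at risk of fetching the attacker's URL; the risk is entirely in relaying the 3xx to a client that will. Clients that talk to an aggregated API directly should apply the same rule with `http.Client.CheckRedirect` returning `http.ErrUseLastResponse`, or by stripping credentials on cross-host redirects.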
SUSE-SU-2026:0571-1 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.64.0 - Release notes...
openshift-apiserver: SSRF via Missing IP/Network-Range Validation in User-Supplied Image References
A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential Denial of Service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processi...
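The SUSE, Go vulnerability database and Red Hat entries above for the openshift-apiserver SSRF all name the same missing control: an image reference carries a registry host, the server connects to it, and nothing checks whether that host is really a public registry rather than a loopback, link-local (cloud metadata) or cluster-internal address. The following added example, not openshift-apiserver's code, shows the validation step as a practitioner would write it in Go: parse the registry host out of the reference, resolve it, and refuse if any resulting address falls in a non-public range. The blocked-range list and the docker.io defaulting rule are assumptions stated in the code; the resolver is injected so the check runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
	"strings"
)

var ErrForbiddenTarget = errors.New("registry host resolves to a non-public address")

// Ranges a registry pull must never reach: loopback, RFC 1918, link-local
// (including the 169.254.169.254 cloud metadata endpoint), CGNAT, "this
// network", multicast/reserved, and the IPv6 equivalents. Extend per environment.
var blockedPrefixes = mustPrefixes(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
	"172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
	"::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)

func mustPrefixes(cidrs ...string) []netip.Prefix {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

// RegistryHost returns the registry host[:port] of an image reference such as
// quay.io/org/app:1.2 or 10.0.0.5:5000/app@sha256:... Following the Docker
// reference grammar, a first component without "." or ":" (and not
// "localhost") is a namespace on docker.io, not a host.
func RegistryHost(ref string) string {
	first, _, found := strings.Cut(ref, "/")
	if !found || (!strings.ContainsAny(first, ".:") && first != "localhost") {
		return "docker.io"
	}
	return first
}

// IsPublicAddr reports whether ip lies outside every blocked range. The v4-mapped
// form (::ffff:10.0.0.1) and zoned addresses (fe80::1%eth0) are normalised first,
// because Prefix.Contains would otherwise let both through.
func IsPublicAddr(ip netip.Addr) bool {
	ip = ip.Unmap().WithZone("")
	for _, p := range blockedPrefixes {
		if p.Contains(ip) {
			return false
		}
	}
	return true
}

// LookupFunc resolves a hostname; injected so the check is testable offline.
type LookupFunc func(ctx context.Context, host string) ([]netip.Addr, error)

// ValidateRegistryTarget resolves the registry host of ref and returns the
// addresses it is safe to dial. It refuses if any answer is non-public: an
// attacker controls their own DNS, so one public record does not vouch for the rest.
func ValidateRegistryTarget(ctx context.Context, ref string, lookup LookupFunc) ([]netip.Addr, error) {
	host := RegistryHost(ref)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	if ip, err := netip.ParseAddr(strings.Trim(host, "[]")); err == nil { // literal IP: no DNS at all
		if !IsPublicAddr(ip) {
			return nil, ErrForbiddenTarget
		}
		return []netip.Addr{ip}, nil
	}
	addrs, err := lookup(ctx, host)
	if err != nil {
		return nil, err
	}
	if len(addrs) == 0 {
		return nil, fmt.Errorf("no addresses for %s", host)
	}
	for _, a := range addrs {
		if !IsPublicAddr(a) {
			return nil, ErrForbiddenTarget
		}
	}
	return addrs, nil
}

func main() {
	lookup := func(ctx context.Context, host string) ([]netip.Addr, error) {
		return net.DefaultResolver.LookupNetIP(ctx, "ip", host)
	}
	for _, ref := range []string{"quay.io/org/app:1.2", "10.0.0.5:5000/app", "169.254.169.254/latest/meta-data"} {
		addrs, err := ValidateRegistryTarget(context.Background(), ref, lookup)
		fmt.Printf("%-35s -> %v %v\n", ref, addrs, err)
	}
}
```

The returned addresses must be what the dialer actually connects to (pin them in a custom `DialContext`), otherwise a second resolution at connect time reopens the hole through DNS rebinding. Any redirect the registry answers with needs the same check on its new host, and in a cluster the block list should also cover the service and pod CIDRs, which are not in any RFC 1918 table by default.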