CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

Files or Directories Accessible to External Parties, Server-Side Request Forgery SSRF vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...

GHSA-Q862-GCGQ-5M6G HAXcms createSite SSRF Enables Arbitrary File Read

Summary An authenticated Server-Side Request Forgery SSRF vulnerability in HAXcms allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and internal network access. Details The createSite endpoint in HAXcms...

CVE-2026-26056

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

PT-2025-51766

Name of the Vulnerable Software and Affected Versions Ctera Portal versions 8.1.x 8.1.1417.24 Description A Server-Side Request Forgery SSRF issue exists in Ctera Portal. This allows remote attackers to make arbitrary HTTP requests by providing a crafted HTML file containing an iframe. The...

EUVD-2015-5208

Malware in sbrugna...

EUVD-2024-3174

Malicious code in bioql PyPI...

EUVD-2023-44270

Malicious code in bioql PyPI...

USN-7303-1 linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - Drivers cor...

USN-7166-2 linux-aws, linux-aws-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI...

USN-7166-1 linux, linux-gcp, linux-gcp-5.15, linux-gke, linux-gkeop, linux-ibm, linux-ibm-5.15, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15, linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - ACPI...

CVE-2024-10491

A flaw was found in the Express Node.js framework. In certain versions, an attacker may be able to trigger an arbitrary resource injection attack via the link header when unsanitized data is used...

Express ressource injection

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVE-2024-10491

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

DEBIAN-CVE-2024-10491

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVE-2024-10491

The CVE-2024-10491 entry concerns the Express framework: the response.links function mishandles sanitization of Link header values, enabling arbitrary resource injection via certain characters (e.g., , ; ). Public-connected docs (GHSA, OSV, Debian OSV entries) reiterate the same issue and describ...

CVE-2024-10491 Preload arbitrary resources by injecting additional `Link` headers

A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header when unsanitized data is used. The issue arises from improper sanitization in Link header values, which can allow a combination of characters like ,, ;, and to...

CVE-2023-3622

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource...

Improper access control

Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource...

keycloak-services: ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available...