10 matches found
CVE-2026-54099
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
CVE-2026-54099
The CVE-2026-54099 entry describes a vulnerability in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift. The WICD CSR auto-approver only checks that a CSR’s organization includes system:wicd-nodes and does not reject extra organization values such as system:masters. A compromised W...
CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
CVE-2026-54099
A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...
CVE-2026-4664 Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the createreviewpermissionscheck function comparing the user-supplied key parameter against the order's ivolesecretkey meta value using...
PT-2026-31850
Name of the Vulnerable Software and Affected Versions Customer Reviews for WooCommerce plugin for WordPress versions up to and including 5.103.0 Description The Customer Reviews for WooCommerce plugin for WordPress is susceptible to authentication bypass. This occurs because the create review...
EUVD-2025-27127
Malicious code in bioql PyPI...
EUVD-2025-25612
Malicious code in bioql PyPI...
CVE-2025-57771
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...
CVE-2025-57771 Roo-Code potential remote code execution via auto-execute command parsing flaw
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. If a user has enabled auto-approved execution...