
6 matches found

Cvelist
added 2 days ago | 21 views

CVE-2026-46618 Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command...

CVSS 6.9 | EPSS 0.00065
Exploits: 0 | References: 3
OSV
added 2025/12/26 3:30 a.m. | 3 views

GHSA-263Q-5CV3-XQ9G Gitea allows attackers to add attachments with forbidden file extensions

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API...

CVSS 8.2 | AI score 6.7 | EPSS 0.00012
Exploits: 0 | References: 5
CVE
added 2025/12/26 2:3 a.m. | 22 views

CVE-2025-68939

Issue: Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via the attachment API. Affected component: attachment handling API in Gitea. Root cause: insufficient validation in attachment editing APIs that permits disallowed exten...

CVSS 8.2 | AI score 6.5 | EPSS 0.00012
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2025/12/26 12:0 a.m. | 3 views

Gitea Security Vulnerability

Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.23.0, which stems from allowing forbidden file extensions to be added via the Attachment API Edit Attachment Name...

CVSS 8.2 | AI score 7.5 | EPSS 0.00012
Exploits: 0 | References: 4
OSV
added 2025/01/09 8:15 p.m. | 1 views

CVE-2024-13272

Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing. This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2...

CVSS 6.3 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 1
CNNVD
added 2021/02/18 12:0 a.m. | 6 views

Prismjs Security Vulnerability

Prism is a lightweight, extensible syntax highlighting tool from individual developers based in the US. A security vulnerability exists in Prismjs. The vulnerability stems from the application's susceptibility to a denial of service ReDoS attack triggered by a regular...

CVSS 7.5 | AI score 7.1 | EPSS 0.01762
Exploits: 1 | References: 9