
13 matches found

vulnersOsv
added 2026/04/16 10:52 p.m. | 6 views

charms-sdk (>=0.3.0 <=0.6.3), kzg-rs (>=0.2.3-sp1-4.0.0 <=0.2.5) +81 more potentially affected by unknown CVE via p3-symmetric (>=0.1.0 <=0.5.2)

p3-symmetric CARGO version =0.1.0, =0.3.0, =0.2.3-sp1-4.0.0, =0.20.0, =5.2.2, =5.2.5, =5.2.2, =0.1.0, =0.4.0, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.4.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-3G92-F9CH-QJCM...

AI score: 5.8 | Exploits: 0
Positive Technologies
added 2026/04/03 12:0 a.m. | 4 views

PT-2026-30120

Juju is an open source application orchestration engine that enables any application operation on any infrastructure at any scale through special operators called ‘charms’. From versions 2.9 to before 2.9.56 and 3.6 to before 3.6.19, it is possible that a compromised workload machine under a Juju...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00013 | Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-20670

Malicious code in bioql PyPI...

CVSS: 8.8 | AI score: 6.3 | EPSS: 0.00512 | Exploits: 1 | References: 9
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-2360

Malicious code in bioql PyPI...

CVSS: 4.4 | AI score: 6.4 | EPSS: 0.00044 | Exploits: 0 | References: 4
OSV
added 2025/07/08 5:16 p.m. | 1 view

CVE-2025-53513

The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through th...

CVSS: 6.5 | AI score: 7.3 | Exploits: 0 | References: 1
CNNVD
added 2025/07/08 12:0 a.m. | 1 view

Juju path traversal vulnerability

Juju is an open source application orchestration engine from Canonical Juju Open Source. A security vulnerability exists in Juju that stems from insufficient authorization checking on the /charms endpoint, which could lead to an arbitrary user uploading a specially crafted charm to gain access to...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00512 | Exploits: 1 | References: 3
NVD
added 2024/07/22 3:15 p.m. | 12 views

CVE-2024-41129

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...

CVSS: 4.4 | EPSS: 0.00044 | Exploits: 0 | References: 2
CVE
added 2024/07/22 2:20 p.m. | 49 views

CVE-2024-41129

The CVE-2024-41129 issue affects the ops library (Python framework used with Juju charms) where secret content can be passed as a CLI argument, potentially exposing secrets via subprocess.CalledProcessError logging. Connected Red Hat, Veracode, OSV, and CVE records confirm the root cause and indi...

CVSS: 4.4 | AI score: 4.7 | EPSS: 0.00044 | Exploits: 0 | References: 2
OSV
added 2024/07/22 2:20 p.m. | 11 views

CVE-2024-41129 The ops library leaks secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processi...

CVSS: 4.4 | AI score: 6.6 | EPSS: 0.00044 | Exploits: 0 | References: 4
Github Security Blog
added 2024/04/05 3:3 p.m. | 22 views

Pebble service manager's file pull API allows access by any user

Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00061 | Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2024/04/05 3:3 p.m. | 12 views

GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user

Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00061 | Exploits: 0 | References: 9
Citrix
added 2017/06/08 12:0 a.m. | 8 views

Citrix Receiver Desktop Viewer Toolbar ‘charms’ and ‘app commands’ don't work

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. In the Citrix Receiver Desktop Viewer Toolbar, we can see the ‘charms’ and ‘app commands’ shortcuts, but...

AI score: 7 | Exploits: 0
Openbugbounty
added 2017/01/01 9:7 a.m. | 19 views

search.southern-charms.com XSS vulnerability

Vulnerable URL: http://search.southern-charms.com/cgi-bin/search/1227c.pl

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 30.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No

Check...

AI score: 6.3 | Exploits: 0