11 matches found
SUSE CVE-2026-24044
Element Server Suite Community Edition (ESS Community) deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook, which uses the matrix-tools container before 0.5.7, uses an insecure Matrix server key generation method,...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.1 bug fix and security update
Red Hat OpenShift Container Platform release 4.21.1 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a...
GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
Rucio Helm Charts log information disclosure vulnerability
Rucio Helm Charts is the collection of Helm charts for deploying Rucio, the open-source data management system. Rucio Helm Charts suffers from a log message disclosure vulnerability that stems from logging the X-Rucio-Auth-Token header, which could lead to credential disclosure...
BIT-HELM-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when...
CVE-2024-40060
go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas function...
CVE-2020-4062
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's...
PT-2024-35450 · Unknown · Argo Workflows Chart
Name of the Vulnerable Software and Affected Versions: Argo Workflows Chart versions prior to 0.44.0
Description: The workflow-role in the Argo Workflows Chart has excessive privileges, including the ability to create pods/exec, which allows for arbitrary code execution within pods in the same...
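The following is an added illustration of the RBAC weakness described in this advisory, not the Argo Workflows chart's own manifest: an over-broad Role that grants `create` on the `pods/exec` subresource, beside a least-privilege replacement without it. The namespace, Role name and the exact verb list the executor needs are assumptions.

```yaml
# Added illustration (not the Argo Workflows chart's own manifest).
# Namespace, Role name and the retained verb list are assumptions.
---
# Over-privileged: "create" on pods/exec lets any subject bound to this Role
# run arbitrary commands inside every pod in the namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workflow-role
  namespace: argo
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "patch"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create"]
---
# Least privilege: keep only what is needed to observe and annotate pods,
# plus read-only log access; no exec subresource at all.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: workflow-role
  namespace: argo
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "patch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "watch"]
```

To verify a deployed chart, impersonate the workflow service account and ask the API server directly, for example `kubectl auth can-i create pods/exec --as=system:serviceaccount:argo:default -n argo` (service account name assumed); a hardened Role answers `no`.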
PT-2024-33942 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2023.1.3
Description: The issue is related to an uncontrolled resource consumption vulnerability. A specially crafted unauthenticated HTTP request to the "TestController Chart" functionality can lead to denial o...
Synology Office Cross-Site Scripting Vulnerability (CNVD-2019-20978)
Synology Office is a web-based office software system from Synology Inc. of Taiwan, China. The system features online document and spreadsheet creation, as well as importing local files. A cross-site scripting vulnerability exists in Chart in Synology Office versions prior to 3.1.4-2771. The...
hp124.com XSS vulnerability
Open Bug Bounty ID: OBB-657303
Affected Website: hp124.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS Cross Site Scripting / CWE-79
CVSSv3 Score: 6.1...