OPENSUSE-SU-2026:10539-1 oci-cli-3.76.2-1.1 on GA media

These are all security issues fixed in the oci-cli-3.76.2-1.1 package on the GA media of openSUSE Tumbleweed...

GHSA-HR2V-4R36-88HR vulnerabilities

Vulnerabilities for packages: trivy-fips, nova, trivy, kube-arangodb-fips, eksctl, linkerd2, jfrog-cli, cert-manager-cmctl, kube-arangodb, chart-testing, helm-push, zot, zarf-fips, cerbos, cerbos-fips, flux-source-controller-fips, tw, helm-exporter-fips, kubescape-server,...

CVE-2026-32282 vulnerabilities

Vulnerabilities for packages: snyk-cli, knative-serving, knative-eventing, datadog-agent, gitlab-pages, spire-server, fscrypt, aws-flb-kinesis, knative-operator, ingress-nginx-controller, kots, k3s, zot, chezmoi, fuse-overlayfs-snapshotter, cilium, gitaly, gatekeeper, kubernetes-dashboard, kyvern...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: filebrowser, otel-cli, gcp-compute-persistent-disk-csi-driver, kyverno-policy-reporter-ui, chartmuseum, vexctl, cloudnative-pg, aws-flb-kinesis, bank-vaults, kots, etcd, falcoctl, helm, terraform-provider-time, promxy, flux-notification-controller, argo-rollouts,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: nri-f5, aws-flb-kinesis, bank-vaults, kots, helm, terraform-provider-time, kubernetes-dashboard-metrics-scraper, cluster-api-provider-vsphere, kuberlr, hcloud, aws-flb-cloudwatch, timestamp-authority, gh, golangci-lint, timescaledb-parallel-copy,...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

CVE-2026-5059 aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability

aws-mcp-server AWS CLI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of aws-mcp-server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handlin...

tekton-cli-0.44.1-1.1 on GA media (moderate)

tekton-cli-0.44.1-1.1 on GA media Announcement ID: openSUSE-SU-2026:10529-1 Rating: moderate Cross-References: CVE-2026-33211 CVE-2026-34986 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...

@godmode-team/godmode (=1.6.1), companies.sh (>=2026.324.0-canary.0 <=2026.325.0-canary.3) +1 more potentially affected by CVE-2026-41679 via paperclipai (>=0.3.1 <=2026.324.0-canary.7)

paperclipai NPM version =0.3.1, =2026.324.0-canary.0, =2026.325.0-canary.3 - stacy-cli =0.3.1 Source cves: CVE-2026-41679 Source advisory: OSV:GHSA-68QG-G8MG-6PR7...

GHSA-68QG-G8MG-6PR7 paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

Summary An unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration. No user interaction, no credentials, just the target's address. The entire chain is six API calls. I verified every ste...

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.12), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.12) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.12 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

@saltcorn/cli (>=1.5.0 <=1.5.0-rc.2), @saltcorn/mobile-builder (>=1.5.0 <=1.5.0-rc.2) potentially affected by unknown CVE via @saltcorn/server (>=1.5.0-beta.0 <=1.5.0)

@saltcorn/server NPM version =1.5.0-beta.0, =1.5.0, =1.5.0, =1.5.0-rc.2 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-15991556...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-alpha.17), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-alpha.17) potentially affected by unknown CVE via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-alpha.9)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.17 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNSERVER-15991556...

@christianhugo/mobile-builder (>=0.7.3-beta.3 <=0.7.4-beta.9), @christianhugoch/cli (>=0.7.2-beta.12 <=0.7.2-beta.13) +4 more potentially affected by CVE-2026-40163 via @saltcorn/server (>=0.0.2 <=1.4.4)

@saltcorn/server NPM version =0.0.2, =0.7.3-beta.3, =0.7.2-beta.12, =0.0.2, =0.7.2, =0.0.2, =0.2.3-beta.2 Source cves: CVE-2026-40163 Source advisory: OSV:GHSA-32PV-MPQG-H292...

@saltcorn/cli (>=1.0.0 <=1.4.4), @saltcorn/mobile-builder (>=1.0.0 <=1.4.4) potentially affected by CVE-2026-40163 via @saltcorn/server (>=1.0.0-beta.1 <=1.4.4)

@saltcorn/server NPM version =1.0.0-beta.1, =1.0.0, =1.0.0, =1.4.4 Source cves: CVE-2026-40163 Source advisory: SNYK:JS-SALTCORNSERVER-15990855...

@saltcorn/cli (>=1.6.0-alpha.0 <=1.6.0-beta.12), @saltcorn/mobile-builder (>=1.6.0-alpha.0 <=1.6.0-beta.12) potentially affected by CVE-2026-40163 via @saltcorn/server (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/server NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.12 Source cves: CVE-2026-40163 Source advisory: OSV:GHSA-32PV-MPQG-H292...