222 matches found
CVE-2026-15143
CVE-2026-15143 affects guardrails-detectors' file_type content detector. An attacker can supply an arbitrary XML Schema (XSD) string, processed without proper restrictions, enabling server-side requests to arbitrary URLs or local file reads and risking disclosure of sensitive information.
GHSA-XCGV-8MV7-V8C7 vulnerabilities
Vulnerabilities for packages: commercial-spilo, rekor, ocm-cli-fips, vault-fips, grype, net-kourier-fips, dataplaneapi-fips, grafana, argo-workflows-fips, vault-secrets-operator-fips, chainloop-cli-fips, zarf, rekor-fips, prometheus-operator, fleet-server, nerdctl, consul-fips, cloud-provider-aws...
PYSEC-2026-771 Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1...
PYSEC-2026-497 pyLoad: Server-Side Request Forgery via Download Link Submission Enables Cloud Metadata Exfiltration
Summary PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery SSRF attacks. An authenticated attacker can exploit this to access internal network services and exfiltrate cloud provider metadata. On DigitalOcean droplets, this exposes sensitive...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: zarf, argo-workflows-fips, prometheus-operator, flux-source-controller, nerdctl, cloud-provider-aws, omnictl-multiarch, zitadel, trivy-operator-fips, knative-kafka-broker, opentofu-fips, rancher-agent, gitea-fips, kubescape-server-fips, tekton-pipelines, harbor, isti...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-route53-fips, crossplane-provider-azure-servicebus, ollama-fips, crossplane-provider-aws-cloudfront-fips, argo-events-fips, consul-fips, cloud-provider-aws, crossplane-provider-azure-search, crossplane-provider-aws-cloudsearch-fips,...
GHSA-W879-237Q-WC7R vulnerabilities
Vulnerabilities for packages: kubescape, argo-cd, helm, kubernetes-dashboard, chezmoi, guac, rancher-agent, act, fscrypt, cert-manager, splunk-otel-collector, vault-benchmark, crossplane-provider-azure-sql, cilium-cli, docker-machine-driver-harvester, flux-source-controller,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: kubescape, argo-cd, k9s, helm, kubernetes-dashboard, knative-serving, prometheus, rancher, gitea, trivy-operator, nerdctl, rancher-agent, kine, fscrypt, cilium, prometheus-operator, spire-server, chisel, telegraf, cert-manager, aactl, skaffold, argocd-image-updater,...
GHSA-F5WC-C3C7-36MC vulnerabilities
Vulnerabilities for packages: kubescape, argo-cd, helm, kubernetes-dashboard, chezmoi, guac, rancher-agent, act, fscrypt, cert-manager, cilium-cli, docker-machine-driver-harvester, flux-source-controller, pulumi-kubernetes-operator, kots, k3s, kubernetes, flux-image-automation-controller, loki,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: argo-cd, helm, kubernetes-dashboard, knative-serving, prometheus, rancher, nerdctl, rancher-agent, kine, fscrypt, cilium, prometheus-operator, spire-server, telegraf, cert-manager, aactl, external-dns, flux, minio, teleport, snyk-cli, cilium-cli,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: rekor, cephcsi-fips, crossplane-provider-azure-servicebus, gcp-compute-persistent-disk-csi-driver, tempo-fips, opensearch-datasource, tetragon, kapp-controller, kubernetes-csi-driver-nfs, crossplane-provider-aws-cloudfront-fips, k8ssandra-client, stunnerd,...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: rekor, cephcsi-fips, crossplane-provider-azure-servicebus, gcp-compute-persistent-disk-csi-driver, tempo-fips, opensearch-datasource, tetragon, kapp-controller, kubernetes-csi-driver-nfs, crossplane-provider-aws-cloudfront-fips, k8ssandra-client, stunnerd,...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on
Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-2107, CVE-2016-2106, CVE-2016-2176 "Business Unit":"code":"BU059","label":"IBM Software w/o...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code containing a malicious binding.gyp file that drops and runs a self-propagating cloud secret stealer. The malicious code attempts to exfiltrate AWS, GCP, Azure, Vault, and Kubernetes credentials, as well as npm an...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...
CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6
CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...
CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6
CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...
CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6
CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...