CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42502 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-25680 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6

CVE-2026-42506 affecting package kube-vip-cloud-provider for versions less than 0.0.10-6. A patched version of the package is available...

CVE-2026-27136 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-27136 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

CVE-2026-42506 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-42506 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

CVE-2026-39821 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4

CVE-2026-39821 affecting package cloud-provider-kubevirt for versions less than 0.5.1-4. A patched version of the package is available...

PT-2026-45067

Summary CC-Tweaked's HTTP API http.request, http.websocket blocks requests to private network ranges to prevent server-side request forgery SSRF. This protection can be bypassed on IPv6-capable servers using NAT64 well-known prefix addresses 64:ff9b::/96. An attacker who can execute Lua code can...

[SECURITY] Fedora 43 Update: rust-afterburn-5.10.0-7.fc43

A simple cloud provider agent...

[SECURITY] Fedora 44 Update: rust-afterburn-5.10.0-7.fc44

A simple cloud provider agent...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

Malicious Package

Overview knot-rspec-formatter-json is a malicious package. This package is part of a malicious cluster of Ruby gems published by the threat actor knot-theory. Designed to impersonate legitimate utilities, it executes a payload upon installation that harvests environment variables, SSH keys, AWS...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: neuvector-scanner, nginx-prometheus-exporter, prometheus-pushgateway, grafana-pyroscope, yunikorn-k8shim, dkron, flux-helm-controller, docker-cli, migrate, snyk-cli, step-issuer, gatekeeper, gh, kaf, tofu-controller, terraform, ingress-nginx-controller,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: grafana-pyroscope, ipfs-cluster, migrate, snyk-cli, kaf, secrets-store-csi-driver-provider-azure, prometheus-blackbox-exporter, q, k3s, whereabouts, azurefile-csi, incert, smokescreen, nri-f5, spark-operator, hey, mongodb-kubernetes-operator, envconsul,...

GHSA-7MR4-XJXG-34G6 vulnerabilities

Vulnerabilities for packages: emissary, pgwatch, jobset-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, cluster-api-provider-vsphere, yunikorn-k8shim, json-exporter-fips, prometheus-stackdriver-exporter, docker-compose-fips, omni-fips, boring-registry,...

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: age-fips, cluster-api-ipam-provider-in-cluster, jobset-fips, crossplane-provider-aws-cognitoidp-fips, cluster-api-provider-vsphere, json-exporter-fips, docker-compose-fips, kubernetes-csi-external-resizer-fips, kube-logging-operator-custom-runner, gitlab-workhorse-ce...

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...

GHSA-JRG3-GFJW-HM96 vulnerabilities

Vulnerabilities for packages: emissary, cluster-api-ipam-provider-in-cluster, minc-fips, pgwatch, jobset-fips, kubernetes-ingress-defaultbackend-fips, crossplane-provider-aws-cognitoidp-fips, crossplane-provider-aws-ssm, apache-exporter, nri-mongodb, cluster-api-provider-vsphere, yunikorn-k8shim,...

CVE-2026-35461

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs,...