33908 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...
CVE-2026-42295
A flaw was found in Argo Workflows, an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The workflow executor logs all artifact repository credentials, such as S3 Simple Storage Service access keys, GCS Google Cloud Storage service account keys, Azure...
CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
CVE-2026-41949
Dify v1.14.1 (and earlier) contains an authorization bypass in the file preview endpoint. An authenticated user can read up to 3,000 characters from any uploaded document across tenants/workspaces by using only the file UUID via /console/api/files/{file_id}/preview. The note that Dify Cloud allow...
CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
EUVD-2026-30774
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
EUVD-2026-30771
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-41948
Dify v1.14.1 (and prior) is affected by a path traversal vulnerability in the Plugin Daemon internal API caused by insufficient URL path sanitization. authenticated users can traverse outside their tenant path using unencoded dot sequences in task IDs or manipulated filename parameters to reach i...
CVE-2026-41948
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-41947
Affected product: Dify v1.14.1 and prior. Vulnerability: authorization bypass in trace configuration endpoints due to missing tenant ownership checks. Impact: authenticated editor users can set/enable trace configurations for any application and redirect messages/responses to attacker‑controlled ...
EUVD-2026-30772
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints...
CVE-2026-41947 Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...
Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Summary IBM has released the below fix for IBM Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data in response to multiple vulnerabilities found in multiple components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details...
Security update for cloud-init
This update for cloud-init fixes the following issues: Update to version 25.1.3 bsc1245403, CVE-2024-11584, CVE-2024-6174 Update to version 25.1.1 bsc1239715, jscPED-8680, bsc1228414, bsc1237764 Make sure a directory exists, if not create it, before writing in that location bsc1236720 rsyslog...
SUSE-SU-2026:1980-1 Security update for cloud-init
This update for cloud-init fixes the following issues: - Update to version 25.1.3 bsc1245403, CVE-2024-11584, CVE-2024-6174 - Update to version 25.1.1 bsc1239715, jscPED-8680, bsc1228414, bsc1237764 - Make sure a directory exists, if not create it, before writing in that location bsc1236720 -...