678 matches found
CVE-2026-27120
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...
CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...
CVE-2026-27120
Leaf-kit (templating library for Swift) before version 1.4.1 is vulnerable to HTML escaping bypass via extended grapheme clusters in htmlEscaped(), enabling potential XSS in attribute contexts when user-controlled variables are interpolated. The root cause is that htmlEscaped escapes only when th...
CVE-2026-27120
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...
CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...
GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...
PT-2026-20982
Name of the Vulnerable Software and Affected Versions Leafkit versions prior to 1.4.1 Description Leafkit’s htmlEscaped function inadequately escapes HTML special characters when dealing with extended grapheme clusters. This occurs because the function only escapes characters if the extended...
Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this can lead ...
SUSE CVE-2026-25996
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
CVE-2026-25996
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
CVE-2026-26011
In NAVIGATION2 (ROS 2 Navigation Framework) version 1.3.11 and earlier, a critical heap out-of-bounds write in Nav2 AMCL’s particle filter clustering can be triggered by publishing a crafted geometry_msgs/PoseWithCovarianceStamped to /initialpose, causing a negative index write into heap memory a...
CVE-2026-25996
CVE-2026-25996 affects Inspektor Gadget when running ig run interactively in the columns output mode. String fields from eBPF events rendered in columns are not sanitized, allowing forged event payloads from a container to inject ANSI escape sequences into the terminal, with possible effects as d...
CVE-2026-25999
Klaw (self-service Apache Kafka Topic Management/Governance tool) contains an improper access control vulnerability prior to v2.10.2 that allows an unauthorized user to trigger a reset or deletion of metadata for any tenant by calling the /resetMemoryCache endpoint. The CVE notes the impact as hi...
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.9.2 security update
The multicluster engine for Kubernetes 2.9 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.9 images The multicluster engine for Kubernetes provides the foundational components that are...
Moderate: Red Hat Security Advisory: multicluster engine for Kubernetes v2.10.1 security update
The multicluster engine for Kubernetes 2.10 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.10 images The multicluster engine for Kubernetes provides the foundational components that a...
Improper Authorization Enforcement
github.com/rancher/rancher is vulnerable to improper authorization enforcement. The vulnerability is due to improper revocation of permissions after removing a custom GlobalRole or its binding, which allows an attacker to retain unauthorized administrative access to clusters when the role contain...
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.4 security update
The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003233)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003233 advisory. It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster...
Important: Red Hat Security Advisory: Red Hat Developer Hub 1.8.2 release.
Red Hat Developer Hub 1.8.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...