897 matches found
Webkul Krayin CRM 代码注入漏洞
Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Versions of Webkul Krayin CRM 2.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an error in the composeMail function of the...
SUSE CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
SUSE-SU-2026:20976-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...
SUSE-SU-2026:20949-1 Security update for docker-compose
This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: docker-compose, conftest, buildah, zot, kubescape, docker-cli-buildx, scorecard, skaffold, trivy, trivy-operator, guac, osv-scanner, kaniko...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: docker-compose, conftest, buildah, zot, kubescape, docker-cli-buildx, scorecard, skaffold, trivy, trivy-operator, guac, osv-scanner, kaniko...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: docker-compose, conftest, buildah, zot, kubescape, docker-cli-buildx, scorecard, skaffold, trivy, trivy-operator, guac, osv-scanner, kaniko...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: docker-compose, conftest, buildah, zot, kubescape, docker-cli-buildx, scorecard, skaffold, trivy, trivy-operator, guac, osv-scanner, kaniko...
GHSA-4C29-8RGM-JVJJ vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, buildah, livekit-cli, trivy-fips, skaffold, docker-compose, docker-compose-fips, kaniko, guac, docker-cli-buildx-fips, conftest, cloudbeat-fips, cloudbeat, kubescape-server, trivy-operator, kaniko-fips, docker-cli-buildx, kubescape, osv-scanner,...
GHSA-4VRQ-3VRQ-G6GG vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, buildah, livekit-cli, trivy-fips, skaffold, docker-compose, docker-compose-fips, kaniko, guac, docker-cli-buildx-fips, conftest, cloudbeat-fips, cloudbeat, kubescape-server, trivy-operator, kaniko-fips, docker-cli-buildx, kubescape, osv-scanner,...
CVE-2026-33747 vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, buildah, livekit-cli, trivy-fips, skaffold, docker-compose, docker-compose-fips, kaniko, guac, docker-cli-buildx-fips, conftest, cloudbeat-fips, cloudbeat, kubescape-server, trivy-operator, kaniko-fips, docker-cli-buildx, kubescape, osv-scanner,...
CVE-2026-33748 vulnerabilities
Vulnerabilities for packages: zot, conftest-fips, buildah, livekit-cli, trivy-fips, skaffold, docker-compose, docker-compose-fips, kaniko, guac, docker-cli-buildx-fips, conftest, cloudbeat-fips, cloudbeat, kubescape-server, trivy-operator, kaniko-fips, docker-cli-buildx, kubescape, osv-scanner,...
DEBIAN-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
UBUNTU-CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
CVE-2026-33532
Summary: CVE-2026-33532 affects the yaml JavaScript library. The vulnerability is in the compose/resolve phase of the parser, where a recursive call path without a depth bound can cause a RangeError: Maximum call stack size exceeded when parsing YAML input (typical payload ~2–10 KB). This can lea...
SUSE-SU-2026:20871-1 Security update for docker-compose
This update for docker-compose fixes the following issue: - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files bsc1252752...