shenlong-cve-mcp

shenlong-cve-mcp The MCP Server from the Shenlong Vulnerabil...

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

EUVD-2026-28894

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

CVE-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

CVE-2026-42296

Argo Workflows CVE-2026-42296 describes a bypass for templateReferencing: Strict that lets users with create Workflow access obtain host network access, switch service accounts, override pod security context, add tolerations to schedule on control-plane nodes, or enable SA token mounting. Root ca...

SUSE CVE-2026-43170

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...

SUSE CVE-2026-43260

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is deleted in driver. Commit 667ac333dbb7 added a check to delete the VNIC in FW only when netifrunning is tru...

Command Injection

Overview @profullstack/mcp-server is an A generic, modular server for implementing the Model Context Protocol MCP Affected versions of this package are vulnerable to Command Injection via the domainlookup process. An attacker can execute arbitrary operating system commands with the privileges of...

GHSA-3G76-F9XQ-8VP6 Vert.x has a DoS via unbounded server-side SNI SslContext cache growth

Potential unbounded server-side SNI SslContext cache growth in Vert.x TLS handling, with = resource-exhaustion / DoS impact. On affected versions, matching server-side SNI names are cached via computeIfAbsentserverName, ... in a serverName-keyed SslContext cache. The implementation differs slight...

Unity Linux 20.1070e Security Update: expat (UTSA-2026-017374)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017374 advisory. Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for configurations with a nonzero XMLCONTEXTBYTES. Tenable has extracted the preceding...

CVE-2026-43423

A flaw was found in the Linux kernel's USB Network Control Model NCM gadget driver. The ncmsetalt function was observed to hold a mutex within an atomic context, which is an invalid operation. This improper locking can lead to a 'sleeping function called from invalid context' error when configfs...

CVE-2026-42224

ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...

CVE-2026-43417

A flaw was found in the Linux kernel. The logic for handling tasks created using vfork a system call that creates a new process contains an error. This can cause a task to enter an endless loop when attempting to acquire a Context ID CID during scheduling. A local user could exploit this...

CVE-2026-43418

A flaw was found in the Linux kernel's sched/mmcid component. When new tasks are created concurrently, a race condition can occur where a task is accounted as a Memory Management Context ID MMCID user before it is fully registered in the system's task lists. This can lead to an incorrect allocati...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization through the POST /upi/v1/upNodesLinks handler, which processes attacker-controlled JSON input without authentication or authorization checks. An attacker can terminate the entire process by submitting a crafted...

GHSA-H5FH-7HWR-97MW Kimai has an arbitrary file read in its invoice PDF renderer (admin)

Summary Users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles, whose writer calls...

CVE-2026-43285

A flaw was found in the Linux kernel. An inconsistent lock state within the mm/slab subsystem, specifically when getfromanypartial is called in a Non-Maskable Interrupt NMI context, can lead to a deadlock. This vulnerability can result in a Denial of Service DoS for the affected system...

GHSA-2H64-C999-C9R6 SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE

Summary The kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via WebSocket. Three independent client paths render.ts:120 → outerHTML,...

EUVD-2026-28729

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix atomic context locking issue The ncmsetalt function was holding a mutex to protect against races with configfs, which invokes the might-sleep function inside an atomic context. Remove the struct netdevice...