19093 matches found
CVE-2026-10609
A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...
GHSA-VJHF-6XFR-5P9G vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
GHSA-4Q63-MR2M-57HF vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
GHSA-25MH-HP8X-CGRV vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2024-31420 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2024-33394 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
CVE-2025-14525 vulnerabilities
Vulnerabilities for packages: virt-operator-fips, virt-controller-fips...
GHSA-RJFV-PJVX-MJGV vulnerabilities
Vulnerabilities for packages: aws-load-balancer-controller, aws-load-balancer-controller-fips...
GHSA-5WRP-CWCJ-Q835 vulnerabilities
Vulnerabilities for packages: art, docker-fips, eks-distro-fips, kgateway, neuvector-sigstore-interface-fips, terraform-provider-databricks, aws-iam-authenticator-fips, authentik, azurefile-csi, flux-notification-controller, argo-workflows-fips, consul-k8s, tempo, kubescape-operator-fips, dapr,...
GHSA-XHF5-7WJV-PQXP vulnerabilities
Vulnerabilities for packages: trivy, kgateway, newrelic-infrastructure-agent, helm-operator-fips, spegel-fips, grype, chaos-mesh-fips, k9s, grype-fips, skaffold-fips, helm-operator, kube-arangodb, scorecard, kots, trivy-fips, newrelic-infrastructure-agent-fips, docker-compose-fips,...
CVE-2026-41178 vulnerabilities
Vulnerabilities for packages: art, docker-fips, eks-distro-fips, kgateway, neuvector-sigstore-interface-fips, terraform-provider-databricks, aws-iam-authenticator-fips, authentik, azurefile-csi, flux-notification-controller, argo-workflows-fips, consul-k8s, tempo, kubescape-operator-fips, dapr,...
Progress ShareFile Storage Zones Controller - Authentication Bypass
Customer Managed ShareFile Storage Zones Controller SZC contains an authentication bypass Execution After Redirect that allows unauthenticated attackers to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. id: CVE-2026-2699 inf...
Aquatronica Controller System <= 5.1.6 - Information Disclosure
Aquatronica Controller System firmware 5.1.6 and earlier and web interface 2.0 and earlier contain an information disclosure vulnerability caused by unauthenticated access to tcp.php endpoint, letting remote attackers retrieve sensitive configuration data including plaintext credentials, exploit...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the ping function in DiagnosticsController, which does not sufficiently validate or sanitize HTTP request parameter values used to construct a shell command. An attacker can trigger this vulnerability by routing traffic through t...
WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
The wcfmajaxcontroller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. id: CVE-2021-24849 info: name: WCFM...
Joomla! Component Jstore - 'Controller' Local File Inclusion
A directory traversal vulnerability in Jstore comjstore component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller...
kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...
Citrix SD-WAN Center - Local File Inclusion
Citrix SD-WAN Center is susceptible to local file inclusion via the applianceSettingsFileTransfer function in ApplianceSettingsController. The function does not sufficiently validate or sanitize HTTP request parameter values used to construct a file system path. An attacker can trigger this...
Citrix SD-WAN Center - Remote Command Injection
Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...
EUVD-2026-38198
A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...