CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-27136 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-42502 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-25681 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-25680 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6

CVE-2026-42506 affecting package sriov-network-device-plugin for versions less than 3.7.0-6. A patched version of the package is available...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

CVE-2026-32282 vulnerabilities

Vulnerabilities for packages: karpenter, keda, telegraf, cilium-envoy, cloud-provider-aws, dask-gateway, nerdctl, ingress-nginx-controller, newrelic-fluent-bit-output, datadog-agent, argo-cd, external-secrets-operator, knative-operator, grafana, kyverno, kube-arangodb, kine, falco-no-driver,...

CVE-2026-32281 vulnerabilities

Vulnerabilities for packages: flannel, slsa-verifier, vexctl, postgres-operator, kargo, dataplaneapi, kine, falco-no-driver, terraform-provider-azapi, aws-flb-kinesis, polaris, bazelisk, aws-sigv4-proxy, kots, nri-nginx, knative-eventing, prometheus, kubernetes-dashboard-metrics-scraper,...

CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.7.0-5

CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.7.0-5. A patched version of the package is available...

CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.7.0-5

CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.7.0-5. A patched version of the package is available...

CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.6.2-11

CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.6.2-11. A patched version of the package is available...

CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.6.2-11

CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.6.2-11. A patched version of the package is available...

Azure Linux 3.0 Security Update: sriov-network-device-plugin (CVE-2022-1996)

The version of sriov-network-device-plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1996 advisory. - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restfu...

CVE-2025-58188 vulnerabilities

Vulnerabilities for packages: aws-sigv4-proxy-fips, cilium-certgen, extism, protoc-gen-go, stampdalf, minio-object-browser-fips, skaffold, glow, nova-fips, terraform-provider-sendgrid, prometheus-nats-exporter, manifest-tool, skopeo-fips, dynamic-localpv-provisioner-fips, ipfs-cluster,...

CVE-2025-58189 vulnerabilities

Vulnerabilities for packages: aws-sigv4-proxy-fips, cilium-certgen, extism, protoc-gen-go, stampdalf, minio-object-browser-fips, skaffold, glow, nova-fips, terraform-provider-sendgrid, prometheus-nats-exporter, manifest-tool, skopeo-fips, dynamic-localpv-provisioner-fips, ipfs-cluster,...

GHSA-CXQ7-XW9V-RCV3 vulnerabilities

Vulnerabilities for packages: aws-sigv4-proxy-fips, cilium-certgen, extism, protoc-gen-go, stampdalf, minio-object-browser-fips, skaffold, glow, nova-fips, terraform-provider-sendgrid, prometheus-nats-exporter, manifest-tool, skopeo-fips, dynamic-localpv-provisioner-fips, ipfs-cluster,...

MAL-2025-47492 Malicious code in react-device-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 113702b97f378bfde6af287d00821b1e3ebec6cfa164e3d263f57632210869c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview react-device-plugin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious code in react-device-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 113702b97f378bfde6af287d00821b1e3ebec6cfa164e3d263f57632210869c8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Azure Linux 3.0 Security Update: cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device-plugin (CVE-2025-22872)

The version of cf-cli / cni-plugins / containerized-data-importer / docker-compose / kubevirt / sriov-network-device- plugin installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22872 advisory. - The...