500 matches found
CVE-2026-43824
Vulnerability summary (CVE-2026-43824): In Argo CD, versions 3.2.0 up to (but not including) 3.2.11 and 3.3.0 up to (but not including) 3.3.9 expose cleartext Kubernetes Secret data via ServerSideDiff. This is the underlying issue described by the CVE, with the impact stated as exposure of secre...
CVE-2026-43824
In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...
PT-2026-36558
Name of the Vulnerable Software and Affected Versions: Argo CD versions 3.2.0 through 3.2.10; Argo CD versions 3.3.0 through 3.3.8. Description: The 'ServerSideDiff' endpoint allows the disclosure of cleartext Kubernetes Secret data. This occurs when the IncludeMutationWebhook variable is set to true...
Argo CD security vulnerability
Argo CD is an open-source tool developed by Argo for Kubernetes, designed for declarative GitOps continuous delivery. Argo CD versions from 3.2.0 up to (but not including) 3.2.11, and from 3.3.0 up to (but not including) 3.3.9, contain a security vulnerability. The vulnerability stems from ServerSideDiff allowing...
Cross-site Scripting (XSS)
Overview: org.webjars.npm:jsondiffpatch is a JSON diff & patch library (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an...
RHSA-2026:7885 Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0.18 (golang-github-openstack-k8s-operators-os-diff) security update
Bulletin has no description...
patchbot
patchbot patchbot is an AI-assisted security reviewer for p...
CVE-2026-35204 vulnerabilities
Vulnerabilities for packages: kuma, flux-fips, kots, cert-manager-cmctl, rancher-fleet, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips, zarf, flux-source-controller, flux, zarf-fips, cilium-cli, gitlab-operator, helm-push, helm-diff-fips, helm-diff, gitlab-operator-fips...
GHSA-VMX8-MQV2-9GMG vulnerabilities
Vulnerabilities for packages: kuma, flux-fips, kots, cert-manager-cmctl, rancher-fleet, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips, zarf, flux-source-controller, flux, zarf-fips, cilium-cli, gitlab-operator, helm-push, helm-diff-fips, helm-diff, gitlab-operator-fips...
GHSA-Q5JF-9VFQ-H4H7 vulnerabilities
Vulnerabilities for packages: kuma, flux-fips, kots, cert-manager-cmctl, rancher-fleet, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips, zarf, flux-source-controller, flux, zarf-fips, cilium-cli, gitlab-operator, helm-push, helm-diff-fips, helm-diff, gitlab-operator-fips...
CVE-2026-35205 vulnerabilities
Vulnerabilities for packages: kuma, flux-fips, kots, cert-manager-cmctl, rancher-fleet, flux-source-controller-fips, cert-manager-cmctl-fips, rancher-fleet-fips, zarf, flux-source-controller, flux, zarf-fips, cilium-cli, gitlab-operator, helm-push, helm-diff-fips, helm-diff, gitlab-operator-fips...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: kuma, helm-mapkubeapis, helm-exporter-fips, kubescape, kube-arangodb, envoy-gateway-fips, rancher-fleet-fips, flux-source-controller, helm-exporter, eksctl, gitlab-operator, helm-push, headlamp-fips, k8ssandra-client, zot, nova, k9s, chart-testing-fips,...
CVE-2026-34401 XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading
XML Notepad is a Windows program that provides a simple intuitive User Interface for browsing and editing XML documents. Prior to version 2.9.0.21, XML Notepad does not disable DTD processing by default which means external entities are resolved automatically. There is a well known attack related...
CVE-2026-34401
XML Notepad is affected by an XXE flaw in which DTD processing was not disabled by default prior to version 2.9.0.21, allowing external entities to be resolved. The issue could cause the application to make outbound HTTP/SMB requests and potentially leak local file contents or NTLM credentials. T...
JLSEC-2026-14
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue...
consult-llm-mcp OS command injection vulnerability
consult-llm-mcp is a multi-model code consultation server developed by Raine Virta. Versions of consult-llm-mcp prior to 2.5.3 had an operating system command injection vulnerability. The vulnerability stemmed from improper handling of the git_diff.base_ref/git_diff.files parameters in the...
CVE-2026-33718
OpenHands is software for AI-driven development. Starting in version 1.5.0, a Command Injection vulnerability exists in the get_git_diff method at openhands/runtime/utils/git_handler.py:134. The path parameter from the /api/conversations/{conversation_id}/git/diff API endpoint is passed unsanitized to ...
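The entry above describes a diff endpoint that hands a caller-supplied path straight to a git command. The following is an added example, written for this page and not taken from OpenHands or any other project listed here: it shows the unsafe shell-string pattern next to a hardened builder that validates the path against the repository root, refuses anything git would parse as an option, and passes an argv list with a `--` separator so no shell ever sees the input. The function and class names (`safe_git_diff_argv`, `InvalidPath`, `is_rejected`) and the repository location are illustrative assumptions.

```python
# Added example, not OpenHands code. Names and paths are illustrative.
import subprocess
from pathlib import Path


class InvalidPath(ValueError):
    """Raised when a caller-supplied path must not reach git at all."""


def vulnerable_command(path: str) -> str:
    """The unsafe pattern: interpolate caller input into a shell string.

    Returned rather than executed so the example runs offline; with
    shell=True, a path like "x; id" would run a second command.
    """
    return f"git diff --no-color {path}"


def safe_git_diff_argv(repo_root: str, path: str) -> list[str]:
    """Build an argv list (no shell) for diffing one path inside repo_root.

    Rejects empty paths and NUL bytes, absolute paths and traversal that
    resolve outside the repository, and anything git would read as an
    option (leading '-'). The trailing '--' ends option parsing, so even
    a validated path can never be interpreted as a flag.
    """
    if not path or "\x00" in path:
        raise InvalidPath("empty or NUL-containing path")
    root = Path(repo_root).resolve()
    # An absolute `path` replaces `root` here; relative_to() then rejects it.
    candidate = (root / path).resolve()
    try:
        rel = candidate.relative_to(root)
    except ValueError:
        raise InvalidPath(f"path escapes repository root: {path!r}") from None
    rel_str = rel.as_posix()
    if rel_str == "." or rel_str.startswith("-"):
        raise InvalidPath(f"path would be parsed as an option: {path!r}")
    return ["git", "-C", str(root), "diff", "--no-color", "--", rel_str]


def is_rejected(repo_root: str, path: str) -> bool:
    """True when safe_git_diff_argv refuses the path (handy for checks)."""
    try:
        safe_git_diff_argv(repo_root, path)
    except InvalidPath:
        return True
    return False


def run_diff(repo_root: str, path: str) -> str:
    """Execute the validated argv without a shell and return stdout."""
    proc = subprocess.run(
        safe_git_diff_argv(repo_root, path),
        capture_output=True, text=True, check=False,
    )
    return proc.stdout


if __name__ == "__main__":
    for p in ["src/app.py", "../../etc/passwd", "--output=/tmp/x", "x; id"]:
        print(f"{p!r:>20} -> rejected={is_rejected('/srv/repo', p)}")
```

Note that a metacharacter-laden path such as `x; id` is not rejected by the builder: without a shell it is just one literal argument that git will report as an unknown path, which is the point of the argv form. The traversal and option checks are what the `--` separator alone does not cover.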
CVE-2026-33955
Notesnook: A stored XSS in the note history diff viewer (Web/Desktop) can lead to remote code execution in the desktop app. Trigger occurs when an attacker-controlled note header is rendered with dangerouslySetInnerHTML, and, when combined with the full backup/restore feature, is exploitable due ...