9204 matches found
GHSA-69RW-45WJ-G4V6 Spinnaker: RCE via expression parsing due to unrestricted context handling
Spinnaker is an open source, multi-cloud continuous delivery platform. Echo, like some other services, uses SpEL (Spring Expression Language) to process information, specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...
EUVD-2026-23963
Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...
GHSA-X3J7-7PGJ-H87R Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths
Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...
Security Bulletin: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002)
Summary: There is a vulnerability in vertx-core-4.1.0.jar used by IBM Maximo Asset Management application (CVE-2026-1002). Vulnerability Details: CVEID: CVE-2026-1002. DESCRIPTION: The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler...
CLSA-2026-1776777715 gstreamer1-plugins-good: Fix of 2 CVEs
CVE-2026-3083, CVE-2026-3085: disable rtpqdm2depay element to fix heap buffer overflow and out-of-bounds write via crafted RTP payloads...
CVE-2026-39388
A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with disable_binding=true, the system incorrectly verifies the presented mTLS (mutual Transport Layer Security) certificate. This vulnerability allow...
SUSE CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disable_binding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
CVE-2026-6703
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...
CVE-2026-39388
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disable_binding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
DEBIAN-CVE-2026-39378
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
CVE-2026-39388 OpenBao's Certificate Authentication Allows Token Renewal With Different Certificate
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disable_binding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...
CVE-2026-39388
OpenBao (open source identity-based secrets management) prior to version 2.5.3 contains a flaw in the Certificate authentication method: when a token renewal is requested with disable_binding=true, the system attempts to verify that the presented mTLS certificate matches the original. Due to inco...
CVE-2026-39378 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
CVE-2026-39378
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embed_images=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-011122)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011122 advisory. In the Linux kernel, the following vulnerability has been resolved: quota: fix warning in dqgrab There's issue as follows when do fault injection: WARNING: CPU: 1...
ClearanceKit security vulnerability
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010870)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010870 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on private memory access All normal kernel memory is TDX...