487 matches found
User Impersonation
Overview litellm-proxy-extras is an Additional files for the LiteLLM Proxy. Reduces the size of the main litellm package. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to...
GHSA-6PH5-FWW6-VFWV NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
Impact When NIOHTTPRequestDecompressor is configured with .ratioN, the decompression limit is enforced using the Content-Length header value from the incoming request rather than the actual number of compressed bytes received. Since Content-Length is attacker-controlled, a malicious client can...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20 CNF vRAN extras topology aware lifecycle manager update
An update for topology-aware-lifecycle manager is available for Red Hat OpenShift Container Platform 4.20. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20 CNF IBU extras update
An update for ibu components is available for Red Hat OpenShift Container Platform 4.20. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21 CNF IBU extras update
An update for ibu components is available for Red Hat OpenShift Container Platform 4.21. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the extra ibu container...
Malicious Package
Overview chai-extensions-extras is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in chai-extensions-extras (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d91953781373f4257c01ae16e16329a5e35acfc2c30eddae881f73f8ebceaea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-5060 Malicious code in chai-extensions-extras (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d91953781373f4257c01ae16e16329a5e35acfc2c30eddae881f73f8ebceaea Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Twig: HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`
Description Several filters in the twig/ extras packages are registered with issafe = 'all', which tells Twig's autoescaper to treat their output as safe in every context html, js, css, url, .... The output of these filters is plain text or HTML markup, neither of which is safe in every escaping...
PT-2026-42176
Name of the Vulnerable Software and Affected Versions twig/markdown-extra affected versions not specified twig/cssinliner-extra affected versions not specified Description Several filters in the twig/ extras packages are incorrectly registered with is safe = 'all', which instructs the autoescaper...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.88 security and extras update
Red Hat OpenShift Container Platform release 4.12.88 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...
GHSA-3WQJ-33CG-XC48 Rembg has a Path Traversal via Custom Model Loading
Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...
Rembg has a Path Traversal via Custom Model Loading
Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.12.82 CNF vRAN extras topology aware lifecycle manager update
An update for topology-aware-lifecycle manager is available for Red Hat OpenShift Container Platform 4.12. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the...
Medium: oci-add-hooks
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: soci-snapshotter
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: oci-add-hooks
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: oci-add-hooks
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Medium: runc
Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...
Important: docker
Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...