CVE-2026-56121

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

CVE-2026-56121 Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.45 packages and security update

Red Hat OpenShift Container Platform release 4.18.45 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

Important: Red Hat Security Advisory: osbuild-composer security update

An update for osbuild-composer is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

Linux Distros Unpatched Vulnerability : CVE-2026-42055

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-9143

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-48141

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-48138

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-48137

There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remote code execution. Successful exploitation requires an attacker to supply a specially...

CVE-2026-9143

CVE-2026-9143 describes an incorrect conversion between numeric types in NI grpc-device due to missing range checks in CodeGen, potentially discarding high bits when a size value exceeds the target type’s range. Affected: NI grpc-device ≤ 2.17.0. Metrics: CVSSv3.1 base 3.7 (LOW); CVSSv4.0 base 6....

CVE-2026-9143 Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-9142

NI grpc-device versions prior to 2.17.0 are affected by an insecure default credentials vulnerability when TLS configuration is absent and the server binds beyond the loopback interface. This could allow an unauthenticated access to the server on the local network. No exploit details or fixes are...

CVE-2026-9142 Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

CVE-2026-48141

NI grpc-device contains a memory leak in BeginSidebandStream that may lead to denial of service via memory exhaustion. Affected product: NI grpc-device 2.17.0 and earlier. The provided documents do not specify an available fix or remediation; no exploitation details are provided. Monitor for upda...

CVE-2026-48140

NI grpc-device contains an unchecked enum cast vulnerability in BeginSidebandStream affecting version 2.17.0 and earlier. The issue allows triggering invalid enum states and undefined behavior, potentially leading to a denial of service. Exploitation requires sending a specially crafted message w...