CVE-2026-29954

In KubePlus 4.1.4, the mutating webhook and kubeconfiggenerator components have an SSRF vulnerability when processing the chartURL field of ResourceComposition resources. The field is only URL-encoded without validating the target address. More critically, when kubeconfiggenerator uses wget to...

PHP 5.2.1 - Folded Mail Headers Email Header Injection

source: https://www.securityfocus.com/bid/23145/info PHP is prone to an email-header-injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages. Exploiting this issue allows a malicious user to create arbitrary email headers, and then create...