CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential in the Galera replication health-check user. The environment variables MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD default to monitor and monitor , granting the user REPLICATION CLI...

BIT-MARIADB-GALERA-2026-47847 Default replication credential monitor:monitor created

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADBREPLICATIONUSER and MARIADBREPLICATIONPASSWORD environment variables defaulted to monitor and monitor respectively. This user...

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by Cross-Site Scripting.

Summary compiler-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-32635. Vulnerability Details CVEID:CVE-2026-32635 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to...

openSUSE 16 Security Update : syft (openSUSE-SU-2026:20928-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20928-1 advisory. Changes in syft: - Update to version 1.45.0: Added Features - Add support for ZapAddOns as jar files 4654 4932 @douglasclarke - MySQL binary classifier...

Security update for trivy (important)

openSUSE Security Update: Security update for trivy Announcement ID: openSUSE-SU-2025:0303-1 Rating: important References: 1232948 1235265 1246151 Cross-References: CVE-2024-45338 CVE-2024-51744 CVE-2025-53547 CVSS scores: CVE-2024-45338 SUSE: 8.2...

CLEANSTART-2026-PF69993 Security fixes for CVE-2025-47912, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729, CVE-2026-1229, CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-27141, CVE-2026-39821, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598 applied in versions: 3.19.0-r0, 4.0.0-r0, 4.0.1-r0, 4.1.1-r1, 4.2.0-r1

Multiple security vulnerabilities affect the helm package. These issues are resolved in later releases. See references for individual vulnerability details...

Security Bulletin: Due to use of spring-web-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to allows an attacker to consume available disk space.

Summary spring-web-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22740. Vulnerability Details CVEID:CVE-2026-22740 DESCRIPTION: A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp...

CVE-2026-45132

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow generate-schema.yaml exposes sensitive credentials Personal Access Token and SSH signing key to fork-controlled code due to unsafe checkout and credential handling practices. Th...

CVE-2026-45131

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

Security update for helm (important)

openSUSE security update: security update for helm ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20860-1 Rating: important References: bsc1265428 bsc1265758 Cross-References: CVE-2026-33814 CVE-2026-41888 CVSS scores: CVE-2026-33814 SUSE : 7.5...

Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to cache poisoning when resolving static resources.

Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22741. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be...

GHSA-WRH2-89VG-4J9G vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

GHSA-W9P8-PVXH-RXPJ vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

GHSA-M9X8-M34X-FJ9Q vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

GHSA-CG87-VWWH-XVGJ vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

GHSA-5CV4-JP36-H3MW vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

CVE-2026-27136 vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

CVE-2026-25680 vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...

CVE-2026-42502 vulnerabilities

Vulnerabilities for packages: kine, snyk-cli, crossplane-provider-azure-storage, gitea, traefik, opentelemetry-collector, istio, minio, telegraf, crossplane-provider-aws-elasticache, grafana-pyroscope, argo-cd, nerdctl, zot, hubble, k3s, vitess, kubernetes, cilium, hydra, gptscript,...