CVE-2026-27136 vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

CVE-2026-42506 vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

GHSA-CG87-VWWH-XVGJ vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

CVE-2026-25681 vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

CVE-2026-25680 vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

GHSA-WRH2-89VG-4J9G vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

GHSA-W9P8-PVXH-RXPJ vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

GHSA-M9X8-M34X-FJ9Q vulnerabilities

Vulnerabilities for packages: fq, step-issuer, zot, minio, istio, hydra, crossplane-provider-azure-storage, prometheus-operator, traefik, telegraf, caddy, terraform-provider-acme, crossplane-provider-azure-authorization, kots, cilium, grafana-pyroscope, hubble, opentelemetry-collector, nerdctl,...

SUSE CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

EUVD-2026-33166

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

Linux Distros Unpatched Vulnerability : CVE-2026-10028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that...

CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

DEBIAN-CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

CVE-2026-10028

A flaw was found in glib-networking. A remote attacker can exploit this vulnerability by presenting a specially crafted certificate chain to an application that uses glib-networking with the GnuTLS backend enabled and performs certificate verification. This crafted chain, which contains circular...

PYSEC-2026-179

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

DEBIAN-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

PYSEC-0000-CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...