95 matches found
GHSA-RM3J-F69W-WQMQ vulnerabilities
Vulnerabilities for packages: packer-fips, crossplane-provider-aws-networkmanager, crossplane-provider-aws-organizations, crossplane-provider-azure-signalrservice, spire-server, crossplane-provider-aws-elasticache-fips, grype-db, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53...
GHSA-Q4H4-GMJ2-QVW2 vulnerabilities
Vulnerabilities for packages: packer-fips, crossplane-provider-aws-networkmanager, crossplane-provider-aws-organizations, crossplane-provider-azure-signalrservice, spire-server, crossplane-provider-aws-elasticache-fips, grype-db, pulumi-kubernetes-operator, tflint, crossplane-provider-aws-route53...
WordPress Kargo Takip plugin <= 1.2 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Eason - The University of Sydney in WordPress Plugin Kargo Takip versions = 1.2...
CVE-2026-12095
The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
CVE-2026-12095
The CVE-2026-12095 entry concerns the WordPress plugin Kargo Takip (versions up to 1.2). It describes an unauthenticated Server-Side Request Forgery (SSRF) via the api_url parameter, enabling an attacker to cause the application to make web requests to arbitrary locations from within the web app....
CVE-2026-12095 Kargo Takip <= 1.2 - Unauthenticated Server-Side Request Forgery via 'api_url' Parameter
The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
CVE-2026-12095
The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
EUVD-2026-38670
The Kargo Takip plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2 via the 'apiurl' parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be...
PT-2026-51672
Name of the Vulnerable Software and Affected Versions Kargo Takip versions prior to 1.3 Description The Kargo Takip plugin for WordPress contains a Server-Side Request Forgery SSRF issue. This allows unauthenticated attackers to initiate web requests to arbitrary locations from the web applicatio...
GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities
Vulnerabilities for packages: kyverno-policy-reporter-ui, traefik, ipfs-cluster, prometheus-blackbox-exporter, dkron, spegel, kube-metrics-adapter, frp, k3s, kargo, opentelemetry-operator, q, jitsucom-bulker, kubo, teleport, kyverno-policy-reporter, k8sgateway, coredns, kubernetes-dns-node-cache...
CVE-2026-40898 vulnerabilities
Vulnerabilities for packages: kyverno-policy-reporter-ui, traefik, ipfs-cluster, prometheus-blackbox-exporter, dkron, spegel, kube-metrics-adapter, frp, k3s, kargo, opentelemetry-operator, q, jitsucom-bulker, kubo, teleport, kyverno-policy-reporter, k8sgateway, coredns, kubernetes-dns-node-cache...
CVE-2026-42350
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: snyk-cli, pulumi-language-yaml, trufflehog, crossplane, rancher-fleet, terragrunt, kubescape, xeol, flux-source-controller, flux-image-automation-controller, nuclei, gomplate, wolfictl, gitaly, scorecard, apko, external-secrets-operator, grafana, grafana-alloy,...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: kubevela, packer-fips, src-fingerprint, tfsec, zarf-fips, xeol, osv-scanner, k9s-fips, argocd-image-updater, grype-db, pulumi-kubernetes-operator, trivy-fips, argo-events, apko, melange, cloudbeat, amazon-ssm-agent, external-secrets-operator, nuclei, trufflehog-fips,...
CVE-2026-42350
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
EUVD-2026-28857
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350
Kargo Open Redirect in UI OIDC Login Flow (CVE-2026-42350). Affected versions: prior to 1.7.10, 1.8.13, 1.9.8, and 1.10.2. Root cause: open redirect via the redirectTo query parameter in the UI OIDC login flow. Impact: describes an open redirect vulnerability with potential to redirect users to e...
CVE-2026-42350
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...
CVE-2026-42350 Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter
Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo query parameter. This issue has been patched in versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2...