Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32265 Amazon S3 for Craft CMS has an Information Disclosure vulnerability

The Amazon S3 for Craft CMS plugin provides an Amazon S3 integration for Craft CMS. In versions 2.0.2 through 2.2.4, unauthenticated users can view a list of buckets the plugin has access to. The BucketsController-actionLoadBucketData endpoint allows unauthenticated users with a valid CSRF token ...

CVE-2026-32254

CVE-2026-32254 (Kube-router) affects the kube-router proxy module in Kubernetes networking before version 2.8.0, where ExternalIPs and LoadBalancer IPs are not validated before being programmed into node network configurations. This can enable cluster-wide traffic hijacking and DNS DoS if malicio...

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32254 Kube-router Proxy Module Blindly Trusts ExternalIPs/LoadBalancer IPs Enabling Cluster-Wide Traffic Hijacking and DNS DoS

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

CVE-2026-32254

Kube-router is a turnkey solution for Kubernetes networking. Prior to version 2.8.0, Kube-router's proxy module does not validate externalIPs or loadBalancer IPs before programming them into the node's network configuration. Version 2.8.0 contains a patch for the issue. Available workarounds...

DEBIAN-CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVE-2026-28500

CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...

CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVE-2026-30048

A stored cross-site scripting XSS vulnerability exists in the NotChatbot WebChat widget thru 1.4.4. User-supplied input is not properly sanitized before being stored and rendered in the chat conversation history. This allows an attacker to inject arbitrary JavaScript code which is executed when t...

PT-2026-26202

Name of the Vulnerable Software and Affected Versions DeepDiff versions 5.0.0 through 8.6.1 Description DeepDiff is a Python project for deep difference and search of data. The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor argument...

HTSlib 安全漏洞

HTSlib is a C-language library file developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from the bgzfindexloadhfile function, which involves integer overflows, potentially leading to heap buffer overflows...

Linux Distros Unpatched Vulnerability : CVE-2025-71265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata We found an infinite loop bug in the ntfs3 file system that can lead to a...

Defending the Power Grid by Segmenting the EV Charging Cyber Infrastructure

This paper examines defending the power grid against load-altering attacks using electric vehicle charging. It proposes to preventively segment the cyber infrastructure that charging station operators CSOs use to communicate with and control their charging stations, thereby limiting the impact of...

ONNX 安全漏洞

ONNX Open Neural Network Exchange is an open standard for machine learning interoperability, developed under the ONNX open source framework. Versions of ONNX prior to 1.20.1 contain security vulnerabilities. These vulnerabilities stem from improper logic in the repository trust verification...

Amazon S3 for Craft CMS 信息泄露漏洞

Amazon S3 for Craft CMS is an open-source file storage integration plugin for Craft CMS. Versions of Amazon S3 for Craft CMS 2.2.4 and earlier have a vulnerability known as information leakage. This vulnerability stems from improper access control at the BucketsController-actionLoadBucketData...

kube-router 安全漏洞

Kube-router is a Kubernetes networking solution open sourced by CloudNative Labs. Versions of Kube-router prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the proxy module not verifying the externalIPs or loadBalancer IPs, which could lead to improper network...