CVE-2026-47220

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.37.0 until 1.37.5 and 1.38.3, when the %REQUESTEDSERVERNAMEX:Y% is used in log format and host related options is specified, like HOSTFIRST, SNIFIRST, it's possible to crash Envoy when the specified host...

CVE-2026-47220

The CVE describes a crash in Envoy when using %REQUESTED_SERVER_NAME(X:Y)% in log format with host-related options (e.g., HOST_FIRST, SNI_FIRST) and the specified host header is missing in the request headers. Affected versions are 1.37.0 through 1.37.5 and 1.38.3. The vulnerability arises from t...

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

CVE-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

CVE-2026-50107

CVE-2026-50107 : Affects NGINX Plus or NGINX Open Source used as the data plane for NGINX Gateway Fabric. The vulnerability lies in the configuration generator component: user-supplied values from the NginxProxy CRD access log format setting are rendered directly into NGINX configuration template...

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

CVE-2026-3509

An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service DoS condition...

EUVD-2023-2743

Malicious code in bioql PyPI...

SUSE-SU-2025:20717-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 - Update to version 0.2.8+12:...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 Update to version 0.2.8+12:...

Security update for rust-keylime

This update for rust-keylime fixes the following issues: Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function bsc1248006 Update to version 0.2.8+12: builddeps: bump actions/checkout from 4 to 5 builddeps: bump cfg-if from 1.0.0 to 1.0.1 builddeps:...

SUSE-SU-2025:02961-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update slab to version 0.4.11: CVE-2025-55159: Fixed incorrect bounds check in getdisjointmut function bsc1248006 - Update to version 0.2.8+12: builddeps: bump actions/checkout from 4 to 5 builddeps: bump cfg-if from 1.0.0 to 1.0.1...

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

CVE-2025-54064

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

CVE-2025-54064 rucio-server, rucio-ui, and rucio-webui vulnerable to insertion of X-Rucio-Auth-Token in apache access logfiles

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the rucio-server, rucio-ui, and rucio-webui define the log format for the apache access log of these components...

PT-2025-29919 · Unknown +2 · Rucio-Webui +3

Name of the Vulnerable Software and Affected Versions: rucio-server versions 37.0.2, 35.0.1, and 32.0.1 rucio-ui versions 37.0.4, 35.0.1, and 32.0.2 rucio-webui versions 37.0.2, 35.1.1, and 32.0.1 Description: Rucio is a software framework used to organize, manage, and access large volumes of...

CVE-2025-25184

A flaw was found in the rubygem-rack package. When a user provides the authorization credentials via Rack::Auth::Basic, if successful, the username is placed in env'REMOTEUSER' and later used by Rack::CommonLogger for logging purposes. The issue occurs when a server intentionally or unintentional...

Bootiful Spring Boot 3.4: Spring Boot

And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...

SUSE CVE-2022-4886

Ingress-nginx path sanitization can be bypassed with logformat directive...

CVE-2022-4886

Ingress-nginx path sanitization can be bypassed with logformat directive...