CVE-2026-8670 Insecure session handling on metrics web server

Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs aka Session Replay. This issue affects Avantra: before 25.3.1...

nimiq-block-production (>=0.1.0 <=0.2.0), nimiq-client (>=0.1.0 <=0.2.0) +6 more potentially affected by CVE-2026-34066 via nimiq-blockchain (>=0.1.0 <=0.2.0)

nimiq-blockchain CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34066 Source advisory: OSV:GHSA-J99G-7RQW-Q9JG...

nimiq-accounts (>=0.1.0 <=0.2.0), nimiq-block-production (>=0.1.0 <=0.2.0) +11 more potentially affected by CVE-2026-33471 via nimiq-block (>=0.1.0 <=0.2.0)

nimiq-block CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-33471 Source advisory: OSV:GHSA-6973-8887-87FF...

nimiq-client (>=0.1.0 <=0.2.0), nimiq-lib (>=0.1.0 <=0.2.0) +2 more potentially affected by CVE-2026-34069 via nimiq-consensus (>=0.1.0 <=0.2.0)

nimiq-consensus CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34069 Source advisory: OSV:GHSA-48M6-486P-9J8P...

CLEANSTART-2026-AU31441 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the metrics-server-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-UL17352 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the metrics-server-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-NV82543 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the metrics-server-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

GHSA-RXV8-V965-V333 vulnerabilities

Vulnerabilities for packages: metrics-server...

GHSA-9V7R-X7CV-V437 vulnerabilities

Vulnerabilities for packages: metrics-server...

GHSA-892H-R6CR-53G4 vulnerabilities

Vulnerabilities for packages: metrics-server...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, falco, metrics-server...

GHSA-VV9M-32RR-3G55 vulnerabilities

Vulnerabilities for packages: kind, falco, metrics-server...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: kind, falco, metrics-server...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: temporal-ui-server, nri-mongodb, secrets-store-csi-driver-provider-azure, bazelisk, buildkitd, petname, nri-nginx, thanos-operator, up, stakater-reloader, thanos, envoy-ratelimit, configmap-reload, gomplate, aws-flb-cloudwatch, runc, kustomize, nri-kafka, hubble-ui,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: temporal-ui-server, nri-mongodb, secrets-store-csi-driver-provider-azure, bazelisk, buildkitd, petname, nri-nginx, thanos-operator, up, stakater-reloader, thanos, envoy-ratelimit, configmap-reload, gomplate, aws-flb-cloudwatch, runc, kustomize, nri-kafka, hubble-ui,...

GHSA-7WRW-R4P8-38RX vulnerabilities

Vulnerabilities for packages: temporal-ui-server, nri-nginx, thanos-operator, vendir, src-fingerprint, redka, vault-k8s, timoni, amazon-k8s-cni, kubernetes-release, hcloud, sftpgo-plugin-eventsearch, dive, terraform-docs, opa-envoy, prometheus-pushgateway, go-md2man, k6, prometheus-alertmanager,...

GHSA-9V7R-X7CV-V437 vulnerabilities

Vulnerabilities for packages: metrics-server...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: metrics-server, falco, kind...

GHSA-892H-R6CR-53G4 vulnerabilities

Vulnerabilities for packages: metrics-server...

GHSA-RXV8-V965-V333 vulnerabilities

Vulnerabilities for packages: metrics-server...