EUVD-2025-12838

Malicious code in bioql PyPI...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2025:02592-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02592-1 advisory. Update to version 2.5.3 jscSLE-23879: - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of...

Security update for cosign

This update for cosign fixes the following issues: Update to version 2.5.3 jscSLE-23879: CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego bsc1246725 Changelog: Update to 2.5.3: Add signing-config create command 4280 Allow multiple services to be specified for trusted-root...

GO-2025-3660 OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa

OPA server Data API HTTP path injection of Rego in github.com/open-policy-agent/opa...

Incorrect Authorization

Overview github.com/open-policy-agent/opa/server is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. Affected versions of this package are vulnerable to Incorrect Authorization via the HTTP Data API. An attacker can...

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent OPA is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

OPA server Data API HTTP path injection of Rego

Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...

GHSA-6M8W-JC87-6CR7 OPA server Data API HTTP path injection of Rego

Impact When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...