58576 matches found
IBM MQ Operator and IBM supplied MQ Advanced container images log information disclosure vulnerability
IBM MQ Operator and IBM supplied MQ Advanced container images are products of International Business Machines Corporation (IBM). IBM MQ Operator is a tool used to manage the lifecycle of IBM MQ queue managers. IBM supplied MQ Advanced container images are Docker/OCI container images. Both IBM MQ...
Files or Directories Accessible to External Parties
Overview: Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...
CVE-2026-40564
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
CVE-2026-40564
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
EUVD-2026-31846
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
CVE-2026-40564 Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator
Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points to user-owned files or addresses. This lets a user with CR create permissions read files...
CVE-2026-40564
The CVE concerns Apache Flink Kubernetes Operator where FlinkSessionJob.jarURI is not validated. In versions 1.3.0 through 1.14.x (up to 1.15.0), a user with CR create permissions can cause the operator pod to fetch arbitrary URLs or access the pod’s filesystem via the jarURI, enabling SSRF and l...
MAL-2026-4782 Malicious code in @catclaw/message-logger-plugin (npm)
Source: amazon-inspector cf070f85ba454a799d80e6998ee717f0fc9084513041893a164752162e0b0864 On plugin registration, the log-collector is enabled by default and uploads session JSONL files from /.openclaw/agents//sessions to...
SUSE CVE-2026-9277
shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...
GHSA-C32J-VQHX-RX3X vulnerabilities
Vulnerabilities for packages: kube-logging-operator, kube-fluentd-operator, cinc-auditor...
CVE-2026-45363 vulnerabilities
Vulnerabilities for packages: kube-logging-operator, kube-fluentd-operator, cinc-auditor...
CVE-2026-45363 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, logstash, kube-logging-operator, cinc-auditor, gitlab-rails-ce-fips, gitlab-rails-ce...
GHSA-C32J-VQHX-RX3X vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, logstash, kube-logging-operator, cinc-auditor, gitlab-rails-ce-fips, gitlab-rails-ce...
Apache Flink Kubernetes Operator security vulnerability
Apache Flink Kubernetes Operator is an operations component for Flink clusters developed by the Apache Foundation. Versions of Apache Flink Kubernetes Operator from 1.3.0 to 1.15.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the jarURI in...
PT-2026-43265
Name of the Vulnerable Software and Affected Versions: Apache Flink Kubernetes Operator versions 1.3.0 through 1.14.x. Description: A Server-Side Request Forgery (SSRF) and local file access issue exists where the jarURI in FlinkSessionJob is not validated. This allows a user with CR create permission...
ZTE ZXUniPOS NDS-LTE security vulnerability
ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability, which stems from business logic defects. Attackers can exploit the features of legitimate applications in an unintended and abnormal manner to carry ou...
GHSA-FQW6-GF59-QR4W vulnerabilities
Vulnerabilities for packages: rancher, kots, trivy, linkerd2, containerd, k9s, opa, helm-set-status, wolfictl, helm, syft, cluster-api-helm-controller, gatekeeper, spegel, kargo, tw, docker-cli-buildx, k8ssandra-client, k8sgpt, steampipe, envoy-gateway, neuvector-scanner, tigera-operator, kaniko,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: rancher, kots, trivy, linkerd2, containerd, k9s, opa, helm-set-status, wolfictl, helm, syft, cluster-api-helm-controller, gatekeeper, spegel, kargo, tw, docker-cli-buildx, k8ssandra-client, k8sgpt, steampipe, envoy-gateway, neuvector-scanner, tigera-operator, kaniko,...
CVE-2026-46680 vulnerabilities
Vulnerabilities for packages: kube-arangodb-fips, containerd-fips, gitlab-rails-ce-fips, newrelic-infrastructure-agent-fips, steampipe, skaffold, rancher-agent, spegel, envoy-gateway-fips, k8ssandra-client-fips, cloudbeat-fips, redpanda-operator, helm-exporter-fips, helm-fips, chaos-mesh-fips,...