Lucene search

58578 matches found

Cvelist
added 2026/04/02 5:59 p.m. | 18 views

CVE-2026-34717 OpenProject: SQL Injection in Cost Reporting =n Operator via parse_number_string

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

9.9 CVSS | 0.0027 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/02 5:59 p.m. | 2 views

EUVD-2026-18470

OpenProject is an open-source, web-based project management software. Prior to version 17.2.3, the =n operator in modules/reporting/lib/report/operator.rb:177 embeds user input directly into SQL WHERE clauses without parameterization. This issue has been patched in version 17.2.3...

9.9 CVSS | 5.8 AI score | 0.0027 EPSS
Exploits 0 | References 2
RedHat Linux
added 2026/04/02 1:58 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Images Update

New images are available for Red Hat build of Keycloak 26.4.11 and Red Hat build of Keycloak 26.4.11 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.1 CVSS | 5.9 AI score | 0.00512 EPSS
Exploits 1 | References 1
RedHat Linux
added 2026/04/02 1:55 p.m. | 5 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.15 Images Update

New images are available for Red Hat build of Keycloak 26.2.15 and Red Hat build of Keycloak 26.2.15 Operator, running on OpenShift Container Platform. Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.1 CVSS | 5.9 AI score | 0.00512 EPSS
Exploits 1 | References 1
CNNVD
added 2026/04/02 12:0 a.m. | 3 views

OpenProject SQL Injection Vulnerability

OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.3 had a SQL injection vulnerability. This vulnerability stemmed from the use of the = operator, which directly embedded user input into the SQL WHERE clause, potentially allowing SQL injecti...

9.9 CVSS | 5.9 AI score | 0.0027 EPSS
Exploits 0 | References 2
Snyk
added 2026/04/01 11:41 p.m. | 3 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the searchCustomPages process. An attacker can access unintended content by submitti...

6.9 CVSS | 6 AI score | 0.00336 EPSS
Exploits 1 | References 2
EUVD
added 2026/04/01 9:6 p.m. | 4 views

EUVD-2026-17652

AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard...

7.3 CVSS | 5.9 AI score | 0.00341 EPSS
Exploits 1 | References 3
Snyk
added 2026/04/01 9:6 p.m. | 2 views

Access Control Bypass

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Access Control Bypass due to a PHP operator precedence issue in the CLI access guard of the install/deleteSystemdPrivate.php script. An attacker can cause deletion...

7.3 CVSS | 5.8 AI score | 0.00341 EPSS
Exploits 1 | References 2
OSV
added 2026/04/01 9:6 p.m. | 1 views

GHSA-WWPW-HRX8-79R5 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

Summary: The AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition !php_sapi_name() === 'cli' never evaluates to true due to how PHP...

6.5 CVSS | 5.9 AI score | 0.00341 EPSS
Exploits 1 | References 4
GitHub Security Blog
added 2026/04/01 9:6 p.m. | 2 views

AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

Summary: The AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition !php_sapi_name() === 'cli' never evaluates to true due to how PHP...

7.3 CVSS | 5.9 AI score | 0.00341 EPSS
Exploits 1 | References 4 | Affected Software 1
OSV
added 2026/04/01 10:1 a.m. | 2 views

CLEANSTART-2026-RG24361 Security fixes for CVE-2025-11143, CVE-2026-1605, ghsa-72hv-8253-57qq, ghsa-cphf-4846-3xx9 applied in versions: 0.50.0-r0, 0.51.0-r0

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5 CVSS | 6.9 AI score | 0.00367 EPSS
Exploits 0 | References 7
OSV
added 2026/04/01 10:0 a.m. | 5 views

CLEANSTART-2026-PM59896 Security fixes for CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61729 applied in versions: 1.41.1-r0, 1.41.1-r1

Multiple security vulnerabilities affect the helm-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

7.5 CVSS | 5.9 AI score | 0.00586 EPSS
Exploits 2 | References 19
OSV
added 2026/04/01 10:0 a.m. | 1 views

CLEANSTART-2026-BB17877 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142 applied in versions: 0.87.1-r0, 0.89.0-r0

Multiple security vulnerabilities affect the prometheus-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 7.1 AI score | 0.00789 EPSS
Exploits 2 | References 19
OSV
added 2026/04/01 9:58 a.m. | 2 views

CLEANSTART-2026-BP32212 Security fixes for CVE-2025-61727, CVE-2025-61729, CVE-2025-61732, CVE-2025-68121, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 0.87.0-r0, 0.87.0-r1, 0.88.0-r0

Multiple security vulnerabilities affect the prometheus-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 7.1 AI score | 0.00765 EPSS
Exploits 3 | References 11
OSV
added 2026/04/01 9:48 a.m. | 5 views

CLEANSTART-2026-RE45064 Security fixes for ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 5.0.18-r7

Multiple security vulnerabilities affect the minio-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.8 AI score
Exploits 0 | References 3
OSV
added 2026/04/01 9:48 a.m. | 0 views

CLEANSTART-2026-KW35511 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x applied in versions: 5.0.18-r6, 5.0.18-r7

Multiple security vulnerabilities affect the minio-operator-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 6.9 AI score | 0.00789 EPSS
Exploits 2 | References 15
OSV
added 2026/04/01 9:43 a.m. | 3 views

CLEANSTART-2026-GC37751 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-66jq-2c23-2xh5, ghsa-9h8m-3fm2-qjrq applied in versions: 0.65.0-r0, 0.65.0-r1

Multiple security vulnerabilities affect the victoriametrics-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 6.9 AI score | 0.00765 EPSS
Exploits 1 | References 13
OSV
added 2026/04/01 9:42 a.m. | 2 views

CLEANSTART-2026-CK42797 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-1229, CVE-2026-25679, CVE-2026-25934, CVE-2026-27139, CVE-2026-27142, ghsa-37cx-329c-33x3 applied in versions: 0.18.0-r1, 1.16.0-r0

Multiple security vulnerabilities affect the pulumi-kubernetes-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 6.9 AI score | 0.00765 EPSS
Exploits 1 | References 16
OSV
added 2026/04/01 9:33 a.m. | 9 views

CLEANSTART-2026-GQ14179 Security fixes for CVE-2025-11143, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.46.1-r3, 0.46.1-r4

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

8.2 CVSS | 6.8 AI score | 0.0095 EPSS
Exploits 6 | References 20
OSV
added 2026/04/01 9:30 a.m. | 1 views

CLEANSTART-2026-IA43044 Security fixes for CVE-2020-8908, CVE-2022-42889, CVE-2023-2976, CVE-2024-25710, CVE-2024-26308, CVE-2024-29371, CVE-2024-29857, CVE-2024-30171, CVE-2024-31573, CVE-2024-47554, CVE-2025-11143, CVE-2025-12383, CVE-2025-48734, CVE-2025-48924, CVE-2025-58057, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-1002, CVE-2026-1605, ghsa-72hv-8253-57qq applied in versions: 0.47.0-r2, 0.47.0-r3

Multiple security vulnerabilities affect the strimzi-kafka-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8 CVSS | 6.8 AI score | 0.99931 EPSS
Exploits 48 | References 42