58579 matches found
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: kind, ratify, cluster-api-aws-controller, kube-bench, prometheus-alertmanager, nri-prometheus, cluster-api-provider-vsphere, render-template, xcaddy, rancher-telemetry, cert-manager, kubernetes-ingress-defaultbackend, azurefile-csi, git-sync, pluto, php-fpmexporter,...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: knative-net-istio-fips, kapp, datadog-agent, influxd, restic-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, postgres-operator-fips, terraform-provider-azuread, crossplane-provider-aws-sqs-fips, elastic-agent,...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: knative-net-istio-fips, datadog-agent, influxd, restic-fips, gatus-fips, ingress-nginx-controller, terraform-provider-azuread, crossplane-provider-aws-sqs-fips, elastic-agent, kube-state-metrics, goose, kapp-controller-fips, ollama-fips, envoy-gateway-fips, snyk-cli,...
GHSA-RV83-G57W-FR8J vulnerabilities
Vulnerabilities for packages: knative-net-istio-fips, kapp, datadog-agent, influxd, restic-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller, postgres-operator-fips, terraform-provider-azuread, crossplane-provider-aws-sqs-fips, elastic-agent,...
CLEANSTART-2026-AB04032 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...
PT-2026-24455
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 9.5.2-alpha.6; Parse Server versions prior to 8.6.19. Description: Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its validation process for protected fields. The...
Incorrect Authorization
Overview: openclaw is OpenClaw, a personal AI assistant. Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send process. An attacker can perform unauthorized persistent configuration changes by routing /config set or /config unset commands through an...
OpenClaw: `operator.write` chat.send could reach admin-only config writes
Summary: A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions: Package: openclaw (npm); Latest published vulnerable...
GHSA-HFPR-JHPQ-X4RM OpenClaw: `operator.write` chat.send could reach admin-only config writes
Summary: A gateway client authenticated with operator.write could route /config set or /config unset through chat.send and reach persistent config mutation even though direct config RPC methods are admin-scoped. Affected Packages / Versions: Package: openclaw (npm); Latest published vulnerable...
Information Disclosure
github.com/authzed/spicedb is vulnerable to Information Disclosure. The vulnerability is due to the exclusion operator in the authorization schema, where a large payload can cause the WriteRelationships call to fail silently, and incorrect permission check results are returned, allowing attackers...
CVE-2025-69219 Apache Airflow Providers Http: Unsafe Pickle Deserialization in apache-airflow-providers-http leading to RCE via HttpOperator
A user with access to the DB could craft a database entry that would result in executing code on the Triggerer, which gives anyone who has access to the DB the same permissions as a Dag Author. Since direct DB access is neither usual nor recommended for Airflow, the likelihood of it causing any damage is low...
PT-2026-24022
Name of the Vulnerable Software and Affected Versions: Apache Airflow Providers Http versions prior to 6.0.0. Description: A user with database access can create a malicious database entry that executes code on the Triggerer, granting them the same permissions as a Dag Author. Direct database access...
CVE-2026-1605 vulnerabilities
Vulnerabilities for packages: solr, akhq, dependency-track, kafka, trino, confluent-kafka, apache-pulsar, druid, strimzi-kafka-operator, neo4j...
GHSA-XXH7-FCF3-RJ7F vulnerabilities
Vulnerabilities for packages: solr, akhq, dependency-track, kafka, trino, confluent-kafka, apache-pulsar, druid, strimzi-kafka-operator, neo4j...
CVE-2026-1605 vulnerabilities
Vulnerabilities for packages: apache-pulsar-fips, confluent-kafka-jre-bcfips, neo4j, solr, akhq, apache-hop, druid, kafka, apache-hop-fips, trino, confluent-kafka, dependency-track, dependency-track-apiserver, strimzi-kafka-operator, apache-jena-fuseki, jenkins, apache-pulsar, kafka-fips...
GHSA-XXH7-FCF3-RJ7F vulnerabilities
Vulnerabilities for packages: apache-pulsar-fips, confluent-kafka-jre-bcfips, neo4j, solr, akhq, apache-hop, druid, kafka, apache-hop-fips, trino, confluent-kafka, dependency-track, dependency-track-apiserver, strimzi-kafka-operator, apache-jena-fuseki, jenkins, apache-pulsar, kafka-fips...
CVE-2026-28473
OpenClaw versions prior to 2026.2.2 contain an authorization bypass vulnerability where clients with operator.write scope can approve or deny exec approval requests by sending the /approve chat command. The /approve command path invokes exec.approval.resolve through an internal privileged gateway...
CLEANSTART-2026-GI57625 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Security vulnerability affects the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry...
CLEANSTART-2026-PP62083 OpenTelemetry-Go is the Go implementation of OpenTelemetry
Multiple security vulnerabilities affect the fluent-operator-fips package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...
CVE-2026-28472
OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake that allows device identity checks to be skipped when auth.token is present but not validated. Attackers can connect to the gateway without providing device identity or pairing by exploiting t...