58579 matches found
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.11
Red Hat OpenShift Service Mesh 3.0.11 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh...
GHSA-389R-GV7P-R3RP vulnerabilities
Vulnerabilities for packages: rancher-fleet, zarf, argo-events, pulumi-kubernetes-operator, gitaly, nuclei, kubevela, scorecard, argo-cd, wolfictl, nfpm, gitsign, grafana, argo-workflows, witness, melange, xeol, pulumi, crossplane, kubescape, kargo, trivy-operator, flux-image-automation-controlle...
CVE-2026-45022 vulnerabilities
Vulnerabilities for packages: trivy, coder-fips, nuclei, gitlab-runner, scorecard, mapotf-fips, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, redpanda-console, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom,...
CVE-2025-15633
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...
CVE-2026-42876
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42875
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
CVE-2026-42876
External Secrets Operator (ESO) vulnerability where a user with permission to create ExternalSecret resources can trigger creation of a Secret populated with a long‑lived token for a service account, enabling impersonation of that service account in the namespace. This privilege escalation is pos...
CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42876 External Secrets Operator: Priviledge escalation with secret overwriting
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.1, a user who only has permission to create ExternalSecret resources can cause the operator to create a Secret that Kubernetes will automatically populat...
CVE-2026-42875 External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Prior to 2.4.0, Namespaced SecretStore resources that used CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace w...
CVE-2026-42875
External Secrets Operator contains a namespace isolation bypass in CAProvider ConfigMap resolution for SecretStore. Before v2.4.0, Namespaced SecretStore resources using CAProvider with type ConfigMap could resolve CA material from another namespace when caProvider.namespace was set, bypassing th...
EUVD-2026-29146
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...
CVE-2026-45001
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...
CVE-2026-43896
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
UBUNTU-CVE-2026-43896
jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jvobjectmergerecursive allows a crafted jq program to crash the process with a segfault. The function is reachable through the operator when both operands are objects...
CVE-2026-45006 OpenClaw < 2026.4.23 - Unsafe Config Mutation via Gateway Tool Denylist Bypass
OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...
CVE-2026-45001 OpenClaw < 2026.4.20 - Gateway Config Mutation Guard Bypass via Agent Tool Access
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...
CVE-2026-45001
OpenClaw prior to 2026.4.20 contains a guard bypass in the agent-facing gateway config.patch and config.apply endpoints that can persist unauthorized changes to operator-trusted settings (sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, and...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.23 contained security vulnerabilities. These vulnerabilities stemmed from improper access control in the gateway tools config.apply and config.patch, allowing compromised models...
PT-2026-39690
OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox policy, plugin enablement, gateway auth/TLS, hook routing, MCP server configuration, SSRF policy, a...