97 matches found
SUSE-SU-2026:21989-1 Security update for google-guest-agent
This update for google-guest-agent fixes the following issues. Update to version 20260430.00: Update THIRDPARTYLICENSES to be package specific location (608); Update dependencies and go version to 1.26.2 (607) (bsc1265762, CVE-2026-33814); Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (604)...
Cross-site Scripting (XSS)
Overview: @vitest/browser is a Browser running for Vitest. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the otelCarrier query parameter being directly inserted into an inline script without sanitization. An attacker can execute arbitrary JavaScript in the context...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +23532 more potentially affected by CVE-2026-42585 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-42585 Sourc...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: flannel, local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator,...
GHSA-65XW-VW82-R86X vulnerabilities
Vulnerabilities for packages: crossplane-provider-family-azure, crossplane-provider-aws-dynamodb, crossplane-provider-aws-firehose, crossplane-provider-aws-rds, telegraf, aws-otel-collector, nuclei, crossplane-provider-aws-ec2, crossplane-provider-aws-s3, crossplane-provider-gcp,...
CVE-2026-32287 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-lambda-fips, tempo, crossplane-provider-aws-elbv2, crossplane-provider-aws-ec2-fips, crossplane-provider-aws-elbv2-fips, amazon-cloudwatch-agent-fips, amazon-cloudwatch-agent, crossplane-provider-aws-rolesanywhere-fips,...
GHSA-65XW-VW82-R86X vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-lambda-fips, tempo, crossplane-provider-aws-elbv2, crossplane-provider-aws-ec2-fips, crossplane-provider-aws-elbv2-fips, amazon-cloudwatch-agent-fips, amazon-cloudwatch-agent, crossplane-provider-aws-rolesanywhere-fips,...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +122 more potentially affected by CVE-2026-34237 via io.modelcontextprotocol.sdk:mcp-core (=1.1.0)
io.modelcontextprotocol.sdk:mcp-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on io.modelcontextprotocol.sdk:mcp-core and may be impacted: - ai.agentican:agentican-framework-core =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1,...
Elastic OTel Java 1.10.0 Security Update (ESA-2026-22 / GHSA-xw7x-h9fj-p2c7)
Dependency on Vulnerable Third-Party Component in Elastic OTel Java Leading to Remote Code Execution. Dependency on Vulnerable Third-Party Component (CWE-1395) exists in Elastic OTel Java via a dependency on OpenTelemetry Java instrumentation library. This vulnerability could allow an attacker to...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +19526 more potentially affected by CVE-2026-33871 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.131.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2026-33871 Sourc...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, grafana-mimir, crossplane-provider-aws-ec2, grafana-alloy, datadog-agent, terraform-provider-aws, azure-service-operator, terraform-provider-acme, crossplane-provider-aws-memorydb, contour, kube-vip, k3s, external-dns, trivy, timoni, sops...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-rds, grafana-mimir, crossplane-provider-aws-ec2, grafana-alloy, datadog-agent, terraform-provider-aws, azure-service-operator, terraform-provider-acme, crossplane-provider-aws-memorydb, contour, kube-vip, k3s, external-dns, trivy, timoni, sops...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, kube-rbac-proxy, contour, crossplane-provider-aws-lambda-fips, kubo, tempo, goreleaser, terraform-provider-acme-fips, flux-fips, linkerd2-fips, gotenberg, crossplane-provider-aws-ec2-fips, helm-diff, teleport-operator-fips,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: pulumi-language-yaml, kube-rbac-proxy, contour, crossplane-provider-aws-lambda-fips, kubo, tempo, goreleaser, terraform-provider-acme-fips, flux-fips, linkerd2-fips, gotenberg, crossplane-provider-aws-ec2-fips, helm-diff, teleport-operator-fips,...
GHSA-9H8M-3FM2-QJRQ vulnerabilities
Vulnerabilities for packages: kserve, docker-cli-buildx-fips, kubescape-operator-fips, rke2-cloud-provider, kubevela, grafana-beyla, kyverno-policy-reporter-plugins-kyverno, etcd, cass-operator-fips-no-pvc-delete, gitaly, packer, podinfo, argo-workflows, ceph-csi-operator, kaniko, syft-fips,...
AZL-78653 CVE-2026-27141 affecting package azl-otel-collector 0.127.0-1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator, spire-controller-manager...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: local-path-provisioner, nats-top, redis-operator, mesosphere-vsphere-csi, spiffe-helper, aws-application-networking-k8s, kserve-modelmesh-serving, mountpoint-s3-csi-driver, nginx-prometheus-exporter, osv-scanner, kubebuilder, k8sgpt-operator, spire-controller-manager...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gosu, pguser, cluster-api-aws-controller, k8ssandra-operator, contour, kubernetes-csi-driver-hostpath, kubo, neuvector-dbgen, kserve, terraform-provider-azapi-fips, nri-haproxy, cadvisor, docker-cli-buildx-fips, aws-sigv4-proxy-fips, kiali-fips, helm-diff,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: gosu, pguser, cluster-api-aws-controller, k8ssandra-operator, contour, neuvector-dbgen, kubo, kserve, terraform-provider-azapi-fips, nri-haproxy, cadvisor, docker-cli-buildx-fips, aws-sigv4-proxy-fips, kiali-fips, helm-diff, cert-manager-csi-driver-fips,...