7571 matches found
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: polaris-fips, volsync-fips, chart-testing, crossplane-provider-gcp, kube-vip-fips, cluster-api, amass, amazon-cloudwatch-agent-operator, aws-sigv4-proxy, gosu, secretgen-controller-fips, kyverno-fips, fluxcd-kustomize-mutating-webhook-fips,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: polaris-fips, volsync-fips, chart-testing, crossplane-provider-gcp, kube-vip-fips, cluster-api, amass, amazon-cloudwatch-agent-operator, aws-sigv4-proxy, gosu, secretgen-controller-fips, kyverno-fips, fluxcd-kustomize-mutating-webhook-fips,...
CVE-2026-2099 Flowring|AgentFlow - Stored Cross-Site Scripting
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
CVE-2026-0485
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server CMS to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, renderin...
CVE-2026-0485
SAP BusinessObjects BI Platform allows an unauthenticated attacker to send specially crafted requests that could cause the Content Management Server CMS to crash and automatically restart. By repeatedly submitting these requests, the attacker could induce a persistent service disruption, renderin...
CVE-2026-0485
The CVE-2026-0485 entry relates to SAP BusinessObjects BI Platform where an unauthenticated attacker can send specially crafted requests that cause the Content Management Server (CMS) to crash and restart, leading to persistent unavailability. The impact is strictly on availability with confident...
Intel Optane PMem management software 代码问题漏洞
Intel Optane PMem management software is a persistent memory management software developed by Intel Corporation. Previous versions of Intel Optane PMem management software, such as CRMGMT02.00.00.4052 and CRMGMT03.00.00.0538, contained code vulnerabilities due to improper conditional checks, whic...
PT-2026-7239
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...
Intel® Optane™ PMem Management Software Advisory
Summary: Potential security vulnerabilities in the Intel® Optane™ Persistent Memory PMem management software may allow esclation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2025-22849 Description: Incorrect defau...
Flowring Agentflow 跨站脚本漏洞
Flowring Agentflow is an intelligent process automation RPA platform developed by Flowring Corporation in China. Flowring Agentflow has a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which may allow authenticated remote attackers to inject persistent...
China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign
The Cyber Security Agency CSA of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All...
Moderate: Red Hat Security Advisory: VolSync v0.13 security fixes and container updates
VolSync v0.13 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...
Malicious code in @skyeng/libs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4b92505d9c0107026c2298d6ec8da504657990b61e40754b62b2cb8e1bd5a0b The package @skyeng/libs was found to contain malicious code. Source: ghsa-malware b4801b107979e502d4889dc729885a390ebfc2db995cd1b2fd23d27e09613a1b A...
Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...
GHSA-FF64-7W26-62RF Claude Code has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json was explicitly protected with read-only constraints,...
CVE-2026-25725 Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...
CVE-2026-25725
CVE-2026-25725 affects Claude Code prior to 2.1.2, where the bubblewrap sandbox failed to protect the .claude/settings.json file if it did not exist at startup. The parent directory was writable and .claude/settings.local.json was protected, but settings.json could be created inside the sandbox a...
CVE-2026-25725 Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...
CVE-2026-25725 Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...
EUVD-2026-5616
Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...