21 matches found
K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311
Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...
K000158070: iControl REST vulnerability CVE-2026-28758
Security Advisory Description When BIG-IP DNS is provisioned, a vulnerability exists in the gtmadd and bigipadd iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also logged in the audit log. This may allow a highly privileged,...
caver (=0.0.1), distilbert-punctuator (>=0.2.0 <=0.3.0) +1 more potentially affected by CVE-2026-30244 via plane (=0.2.1)
plane PYPI version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on plane and may be impacted: - caver =0.0.1 - distilbert-punctuator =0.2.0, =0.0.5, =0.0.8 Source cves: CVE-2026-30244 Source advisory: OSV:GHSA-87X4-J8VH-P5QF...
CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature
Plane is an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...
EUVD-2026-8681
Plane is an open-source project management tool. Prior to version 1.2.2, the ProjectAssetEndpoint.patch method in apps/api/plane/app/views/asset/v2.py (lines 579–593) performs a global asset lookup using only the asset ID (pk) via FileAsset.objects.get(id=pk), without verifying that the asset belong...
Plane security vulnerability
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the ProjectAssetEndpoint.patch method, which performed global asset searches based solely on asset IDs,...
CVE-2026-25595
InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability exists in InvoicePlane 1.7.0 via the Invoice Number field. An authenticated administrator can inject malicious JavaScript that executes when any...
EUVD-2022-41782
Malicious code in bioql PyPI...
K000141436: BIG-IP Client SSL profile vulnerability CVE-2025-52585
Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. CVE-2025-52585 Impact Traffic i...
Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to 0.23 that stems from improper UserSerializer permissions, which could lead to account takeover...
CVE-2021-47659
In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier While the check for format_count > 64 in __drm_universal_plane_init() shouldn't be hit (it's a WARN_ON), in its current position it will then leak the plane->format_types array and fail to cal...
K000148587: BIG-IP iControl REST and tmsh vulnerability CVE-2025-20029
Security Advisory Description A command injection vulnerability exists in iControl REST and the BIG-IP TMOS Shell (tmsh), which may allow an authenticated attacker to execute arbitrary system commands. CVE-2025-20029 Impact An authenticated attacker may exploit this vulnerability by sending a craft...
The vulnerability of the decode_plane function in the libavcodec/utvideodec.c file of the FFmpeg multimedia library, which involves reading data beyond the buffer’s acceptable limits, allows a malicious actor to cause a service failure.
The vulnerability of the decode_plane function in the libavcodec/utvideodec.c file of the FFmpeg multimedia library relates to reading data from beyond the allowed buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service failures by using a specially created AVI...
Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane versions prior to v0.23.0, which stems from the use of wildcards to support the retrieval of an image from any hostname, which could allow an attacker to induce server-side...
Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in versions prior to Plane 0.17-dev, which stems from a vulnerability that allows an attacker to send arbitrary requests to the server hosting the application, resulting in...
Plane code issue vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. A security vulnerability exists in Plane version 0.7.1-dev, which stems from a vulnerability that allows an attacker to change the avatar of their profile, thereby allowing the upload of files with HTML extensions...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: drm/plane: Move range check for format_count earlier CVE-2021-47659 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix some memory leaks in an error handling path of 'log_replay'...
CVE-2022-23635 Unauthenticated control plane denial of service attack in Istio
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoin...
CVE-2019-0041
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface lo0. The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This...
CVE-2019-0041 Junos OS: EX4300-MP Series: IP transit traffic can reach the control plane via loopback interface.
On EX4300-MP Series devices with any lo0 filters applied, transit network traffic may reach the control plane via loopback interface lo0. The device may fail to forward such traffic. This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R1-S2, 18.2R2 on EX4300-MP Series. This...