SUSE CVE-2026-25542

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

CVE-2026-25542

A flaw was found in Tekton Pipelines. An attacker can bypass trusted resource verification policies by crafting a malicious source string that contains a trusted pattern as a substring. This is due to the regexp.MatchString function in Go matching patterns anywhere within a string, rather than...

CVE-2026-25542

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string refSource.URI against spec.resources.pattern...

Tekton Pipelines 安全漏洞

Tekton Pipelines is a cloud-native pipeline developed by Tekton Open Source. There are security vulnerabilities in versions 0.43.0 to 1.11.0 of Tekton Pipelines. These vulnerabilities stem from improper regular expression matching, which could allow attackers to bypass resource verification...

SUSE CVE-2007-1376

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as...

MOPB-15-2007:PHP shmop Functions Resource Verification Vulnerability

Summary The shared memory shmop functions fail to verify the type of the resource that is used when they are called from PHP. Therefore it is possible to call them with a wrong resource type that might contain user supplied data. By for example using a special prepared GD Image resource it is...