31 matches found
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: flux, omnibump, sftpgo-plugin-eventsearch, rabbitmq-messaging-topology-operator, flux-notification-controller, stakater-reloader, dgraph, flux-image-reflector-controller, github-mcp-server, karpenter, osv-scanner, apko, aws-load-balancer-controller,...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: pdfcpu, grafana-mimir, tetragon, chart-testing, crossplane-provider-azure-sql, seaweedfs, container-object-storage-interface, wgcf, cloud-provider-vsphere, nri-mongodb, addon-resizer, vault-benchmark, doppler-kubernetes-operator, mongodb-kubernetes-operator,...
CLEANSTART-2026-NV36169 Security fixes for CVE-2025-61732, CVE-2025-66564, CVE-2025-68121, CVE-2026-24686, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27142, ghsa-fcv2-xgw5-pqxf applied in versions: 0.7.29-r1, 0.7.29-r2
Multiple security vulnerabilities affect the sigstore-scaffolding package. These issues are resolved in later releases. See references for individual vulnerability details...
GHSA-J4J7-VW47-RHFQ vulnerabilities
Vulnerabilities for packages: prometheus-adapter, yunikorn-k8shim, tkn, sftpgo-plugin-eventsearch, spicedb, crossplane-provider-aws-ec2, cluster-api-azure-controller, fscrypt, kubernetes-dashboard-auth, kubo, tetragon, crossplane-provider-aws-memorydb, tfsec, kuma, sqlexporter, cluster-api, promx...
GHSA-J3GX-2473-5FP8 vulnerabilities
Vulnerabilities for packages: pdfcpu, spicedb, tetragon, crossplane-provider-aws-memorydb, container-object-storage-interface, wgcf, nri-mongodb, addon-resizer, vault-benchmark, mongodb-kubernetes-operator, nri-consul, rancher-security-scan, tflint, redka, gitea, opentelemetry-collector-contrib,...
CVE-2026-27142 vulnerabilities
Vulnerabilities for packages: prometheus-adapter, yunikorn-k8shim, tkn, sftpgo-plugin-eventsearch, spicedb, crossplane-provider-aws-ec2, cluster-api-azure-controller, fscrypt, kubernetes-dashboard-auth, kubo, tetragon, crossplane-provider-aws-memorydb, tfsec, kuma, sqlexporter, cluster-api, promx...
CVE-2026-25679 vulnerabilities
Vulnerabilities for packages: pdfcpu, spicedb, tetragon, crossplane-provider-aws-memorydb, container-object-storage-interface, wgcf, nri-mongodb, addon-resizer, vault-benchmark, mongodb-kubernetes-operator, nri-consul, rancher-security-scan, tflint, redka, gitea, opentelemetry-collector-contrib,...
Backstage 日志信息泄露漏洞
Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 3.1.4 contained a vulnerability related to log information leakage. This vulnerability stemmed from malicious scaffolding templates that cou...
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...
EUVD-2024-35107
Malicious code in bioql PyPI...
EUVD-2024-2470
Malicious code in bioql PyPI...
Malicious code in test-mlw2-clour-heats-nards-scaff (npm)
The package test-mlw2-clour-heats-nards-scaff was found to contain malicious code...
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: flux, rclone, tkn, zot, rekor, grafana-mimir, bank-vaults, druid, fulcio, argo-events, grafana-agent-operator, flux-image-reflector-controller, timestamp-authority, thanos, zarf, terragrunt, guac, fluent-bit-plugin-loki, buildkitd, airflow, hugo,...
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...
CVE-2024-34913
The CVE-2024-34913 entry impacts r-pan-scaffolding versions 5.0 and older, where an arbitrary file upload vulnerability allows an attacker to execute arbitrary code by uploading a crafted PDF. The root cause is an improper handling of PDF uploads in the file-upload functionality, enabling code ex...
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file...
r-pan-scaffolding 安全漏洞
rubinchu r-pan-scaffolding is a simple file management system from rubinchu that implements file uploading, downloading, moving and other functions. A security vulnerability exists in r-pan-scaffolding v5.0 and earlier versions. An attacker can execute arbitrary code by uploading a specially...
PT-2024-26246 · Unknown · R-Pan-Scaffolding
Name of the Vulnerable Software and Affected Versions: r-pan-scaffolding versions 5.0 and below Description: The issue allows attackers to execute arbitrary code via uploading a crafted PDF file. This is achieved through an arbitrary file upload vulnerability. Recommendations: For versions 5.0 an...