2504 matches found
SUSE-SU-2026:20551-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...
SUSE-SU-2026:20610-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...
CVE-2026-22728
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
CVE-2026-28225
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
EUVD-2026-8795
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations...
Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
This report shows a scope-widening issue in the rotate re-encrypt flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret. If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can...
GHSA-465P-V42X-3FMJ Sealed Secrets for Kubernetes: Rotate API Allows Scope Widening from Strict/Namespace-Wide to Cluster-Wide via Untrusted Template Annotations
This report shows a scope-widening issue in the rotate re-encrypt flow: the output scope can be derived from untrusted spec.template.metadata.annotations on the input sealed secret. If a victim sealed secret is strict- or namespace-scoped, an attacker who can submit it to the rotate endpoint can...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
EUVD-2026-8915
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
CVE-2026-28225 Manyfold has IDOR in ModelFilesController
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.1, the getmodel method in ModelFilesController line 158-160 loads models using Model.findparamparams:modelid without policyscope, bypassing...
BIT-SEALED-SECRETS-2026-22728 Bitnami Sealed Secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
CVE-2026-25135
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire contact information for all users, organizations, and patients in the system to anyone who has the...
CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
CVE-2026-22728
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
CVE-2026-22728
CVE-2026-22728 concerns Bitnami Sealed Secrets during the secret rotation flow (/v1/rotate). The rotation process derives the new sealing scope from input SealedSecret metadata, and untrusted annotations in the template can widen the scope to cluster-wide (sealedsecrets.bitnami.com/cluster-wide=t...
CVE-2026-22728 sealed-secrets /v1/rotate can widen sealing scope to cluster-wide via attacker-controlled template annotations
Bitnami Sealed Secrets is vulnerable to a scope-widening attack during the secret rotation /v1/rotate flow. The rotation handler derives the sealing scope for the newly encrypted output from untrusted spec.template.metadata.annotations present in the input SealedSecret. By submitting a victim...
PT-2026-22213
Name of the Vulnerable Software and Affected Versions Manyfold versions prior to 0.133.1 Description Manyfold is a self-hosted web application for managing 3d models. A flaw exists in the get model method within the ModelFilesController lines 158-160 where models are loaded using Model.find...
PT-2026-22204
Name of the Vulnerable Software and Affected Versions wger versions prior to 2.4 Description The software contains a flaw where routine detail action endpoints check a cache before verifying object ownership using self.get object. Cache keys are scoped only by the primary key pk and do not includ...