Cisco SSM On-Prem <= 8-202206 - Password Reset Account Takeover

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

amazon-ssm-agent-3.3.4515.0-1.1 on GA media (moderate)

amazon-ssm-agent-3.3.4515.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10872-1 Rating: moderate Cross-References: CVE-2026-39821 CVSS scores: CVE-2026-39821 SUSE : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2026-39821 SUSE : 9.1...

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

OPENSUSE-SU-2026:10872-1 amazon-ssm-agent-3.3.4515.0-1.1 on GA media

These are all security issues fixed in the amazon-ssm-agent-3.3.4515.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

PT-2026-44049

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

CVE-2026-38808

CVE-2026-38808 is a SQL Injection vulnerability affecting uzy-ssm-mall v1.1.0. The issue is reachable via the ProductMapper.xml and OrderUtil.java components, enabling a remote attacker to obtain sensitive information. The CVSS 3.1 vector indicates network access, low attack complexity, no privil...

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

CVE-2026-42526

The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...

CVE-2026-42526 Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

PT-2026-42004

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...

OPENSUSE-SU-2026:10765-1 amazon-ssm-agent-3.3.4268.0-2.1 on GA media

These are all security issues fixed in the amazon-ssm-agent-3.3.4268.0-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-41506 vulnerabilities

Vulnerabilities for packages: grafana-alloy, zarf, chainloop-cli-fips, amazon-ssm-agent, cloudbeat-fips, kots, flux-image-automation-controller, flux-source-controller-fips, kubescape-server, gitlab-rails-ce, grype-db, skaffold, grafana-fips, gitlab-rails-ce-fips, kubevela, gitlab-runner,...

tough-kms (>=0.2.0 <=0.5.0), tough-ssm (>=0.5.0 <=0.8.0) +1 more potentially affected by CVE-2026-6966 via tough (>=0.10.0 <=0.1.0)

tough CARGO version =0.10.0, =0.2.0, =0.5.0, =0.1.0, =0.9.0 Source cves: CVE-2026-6966 Source advisory: OSV:GHSA-8M7C-8M39-RV4X...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: docker-compose-fips, omni-fips, gitlab-operator, harbor-fips, mailpit, tkn-fips, gitlab-workhorse-ce, prometheus-operator, gitlab-rails-ce-fips, mattermost-fips, vendir, knative-serving, k8ssandra-client, cert-manager, chezmoi, envconsul-fips, gitlab-kas, scorecard,...

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: docker-compose-fips, omni-fips, gitlab-operator, harbor-fips, mailpit, tkn-fips, gitlab-workhorse-ce, prometheus-operator, gitlab-rails-ce-fips, mattermost-fips, vendir, knative-serving, k8ssandra-client, cert-manager, chezmoi, envconsul-fips, gitlab-kas, scorecard,...

GHSA-5W89-2C2X-6X66 vulnerabilities

Vulnerabilities for packages: age-fips, cluster-api-ipam-provider-in-cluster, jobset-fips, crossplane-provider-aws-cognitoidp-fips, cluster-api-provider-vsphere, json-exporter-fips, docker-compose-fips, kubernetes-csi-external-resizer-fips, kube-logging-operator-custom-runner, gitlab-workhorse-ce...