1693 matches found
GHSA-WRH2-89VG-4J9G vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
CVE-2026-42502 vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
CVE-2026-27136 vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
CVE-2026-25680 vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
GHSA-M9X8-M34X-FJ9Q vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
CVE-2026-42506 vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
GHSA-CG87-VWWH-XVGJ vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
GHSA-5CV4-JP36-H3MW vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
GHSA-W9P8-PVXH-RXPJ vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
CVE-2026-25681 vulnerabilities
Vulnerabilities for packages: vitess, traefik, glab, cilium, kine, crossplane-provider-azure-authorization, fq, opentelemetry-collector, kubernetes, step-issuer, kots, gitea, helm, gptscript, crossplane-provider-aws-elasticache, hubble, telegraf, terraform-provider-acme, zot, snyk-cli, flux,...
PT-2026-45834
Name of the Vulnerable Software and Affected Versions React Router versions 7.0.0 through 7.14.1 Description When using Framework Mode, a combination of steps could allow unauthorized remote code execution RCE through external requests. This occurs because the vendored turbo-stream v2 can be abus...
How to Get a Reddit API Key in 2026: Step-by-Step Guide
Getting a Reddit API key starts with creating an application through Reddit’s developer portal and understanding how its…...
CVE-2026-44648
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...
CVE-2026-48128 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to targ...
CVE-2026-48128
Budibase prior to 3.39.0 is vulnerable to SSRF via the executeQuery automation step. The executeQuery step accepts a queryId from automation inputs and forwards it to the query execution controller without additional validation. When a REST datasource targets internal infrastructure, this can cau...
Malicious code in vectordb-engine (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...
freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. An attacker may be able to leverage this weakness to leak global data...
freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks
An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and stepindex values from input data. An attacker may be able to leverage this weakness to leak global data...
rt-toolkit
Red Team Toolkit Curated operator catalog for red team enga...
CVE-2018-25357
Dolibarr ERP CRM 7.0.3 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP code through the dbname parameter. Attackers can send a POST request to install/step1.php with malicious PHP code in the dbname parameter, then...