54 matches found
Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update
Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...
CVE-2026-42798
Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...
BIRD 安全漏洞
BIRD is a full-featured dynamic IP routing daemon developed by BIRD OpenSource. Versions of BIRD prior to 2.19.0 contained security vulnerabilities; these vulnerabilities stemmed from stack buffer overflows in the BGP ASPATH mask matching implementation, which could potentially cause the daemon t...
Astra Linux – Vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0; versions before 2.19.1 use recursion to sanitize CDATA sections. This can lead to stack exhaustion and raise a SystemStackError exception, potentially causing ...
Astra Linux – Vulnerability in ruby-loofah
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0; versions less than 2.19.1 are vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...
Medium: lcms2
Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. CVE-2026-42798 Affected...
Directory Traversal vulnerability at plexus-utils dependency in Bamboo Data Center
This High severity File Inclusion vulnerability was introduced in versions 10.0.1, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H allows an...
SUSE CVE-2026-33902
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...
CVE-2026-40310
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 contained a buffer error vulnerability. This vulnerability stemmed from improper handling of...
HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center
This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2026-34877
An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...
CLEANSTART-2026-JF28061 Security fixes for CVE-2026-24051, CVE-2026-26958, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 2.19.0-r0, 2.19.0-r1
Multiple security vulnerabilities affect the keda package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-69297
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through = 2.19...
CVE-2025-69297
Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through = 2.19...
WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Spectra versions = 2.19.17...
CVE-2025-66398
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...
EUVD-2025-206139
Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding...
CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...
CVE-2025-68272
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service DoS vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...