PT-2026-37052

Name of the Vulnerable Software and Affected Versions apko versions 0.14.8 through 1.2.4 Description A crafted .apk file can install a TypeSymlink tar entry with a target pointing outside the build root. Subsequent directory-creation or file-write entries in the same or later archive can traverse...

EUVD-2025-13444

Malicious code in bioql PyPI...

CVE-2025-45240

foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php...

CVE-2025-25790

An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file...

CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...