Malicious Package

Overview opensearch-config-utility is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Malicious Package

Overview opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those legitima...

Malicious Package

Overview @vpmdhaj/search-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Malicious Package

Overview @vpmdhaj/devops-tools is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Malicious Package

Overview opensearch-setup-tool is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Malicious Package

Overview search-engine-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Malicious Package

Overview search-cluster-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

Malicious Package

Overview @vpmdhaj/opensearch-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: flux-fips, grafana-fips, libnvidia-container, openbao, kine, witness, gh, gatekeeper-fips, kubescape, xeol-fips, gomplate-fips, kube-mgmt-fips, rancher, kube-arangodb, grafana, gitlab-kas, kubernetes-fips, redka, buildah-fips, rancher-agent, trivy-fips,...

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: flux-fips, grafana-fips, libnvidia-container, openbao, kine, witness, gh, gatekeeper-fips, kubescape, xeol-fips, gomplate-fips, kube-mgmt-fips, rancher, kube-arangodb, grafana, gitlab-kas, kubernetes-fips, redka, buildah-fips, rancher-agent, trivy-fips,...

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe-fips, grafana-mimir, nri-mssql-fips, flux-fips, grafana-beyla, descheduler, grafana-fips, request-1279, yunikorn-web-fips, libnvidia-container, openbao, kine, kyverno-policy-reporter-ui, seaweedfs-operator-fips,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-livenessprobe-fips, grafana-mimir, nri-mssql-fips, flux-fips, grafana-beyla, descheduler, grafana-fips, request-1279, yunikorn-web-fips, libnvidia-container, openbao, kine, kyverno-policy-reporter-ui, seaweedfs-operator-fips,...

CVE-2026-32692

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization when saving credentials. An authenticated user can access plaintext values of secrets stored in external vaults by referencing a secret's external name in a credential, bypassing intended permission checks. Note:...

GO-2026-4781 Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju

Juju has unauthorized update of out-of-scope Vault secrets in github.com/juju/juju...

EUVD-2026-12817

Juju has unauthorized update of out-of-scope Vault secrets...

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

CVE-2026-32692

The CVE-2026-32692 entry describes an authorization bypass in the Vault secrets back-end of Juju (versions 3.1.6–3.6.18). An authenticated unit agent can perform unauthorized updates to secret revisions, potentially poisoning existing secret revisions within the Vault secret back-end. Metrics ind...

CVE-2026-32692 Unauthorized update of out-of-scope Vault secrets

An authorization bypass vulnerability in the Vault secrets back-end implementation of Juju versions 3.1.6 through 3.6.18 allows an authenticated unit agent to perform unauthorized updates to secret revisions. With sufficient information, an attacker can poison any existing secret revision within...

EUVD-2022-6511

Malicious code in bioql PyPI...