176 matches found
CVE-2026-32737 Romeo's invalid NetworkPolicy enables a malicious actor to pivot into another namespace
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...
EUVD-2026-12999
Romeo gives the capability to reach high code coverage of Go ≥1.20 apps by helping to measure code coverage for functional and integration tests within GitHub Actions. Prior to version 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from the "hardened" namespace to any Pod...
Improper Restriction of Communication Channel to Intended Endpoints
Overview: Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints due to a misconfigured NetworkPolicy inter-ns. An attacker can gain unauthorized access to resources in other namespaces by exploiting an overly permissive network...
Monitoring Access Control Error Vulnerability
Monitoring is an open-source component developed by CTFer.io for collecting and processing monitoring data. Versions of Monitoring prior to 0.2.1 contained an access control vulnerability, which was caused by errors in network policy writing. This vulnerability could allow malicious attackers to...
CVE-2026-32720
The CVE affects the github.com/ctfer-io/monitoring component. Root cause: a mis-written NetworkPolicy allowed a malicious actor to pivot from one component to another namespace, breaking security-by-default and enabling lateral movement. The vulnerability exists prior to version 0.2.1 and is addr...
CVE-2026-32720
The CTFer.io Monitoring component is in charge of the collection, processing and storage of various signals, i.e. logs, metrics and distributed traces. Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to a misconfigured NetworkPolicy. An attacker can gain unauthorized access to resources in other namespaces by exploiting the overly permissive network policy configuration. Workaround: This vulnerability can ...
PT-2026-25399
Name of the Vulnerable Software and Affected Versions: CTFer.io Monitoring versions prior to 0.2.1. Description: The CTFer.io Monitoring component handles the collection, processing, and storage of signals like logs, metrics, and distributed traces. A misconfigured NetworkPolicy allows a malicious...
OpenViking Security Vulnerability
OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.2.1 contained security vulnerabilities. These vulnerabilities were due to path traversal issues during the .ovpack import process, which could allow attacke...
Thread Redirect plugin for MyBB – Cross-site scripting vulnerabilities
The Thread Redirect plugin for MyBB is a plugin developed by Jamie Sage, an individual developer. The Thread Redirect plugin for MyBB version 0.2.1 has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of custom text input fields, which may lead to cross-site...
GHSA-38VQ-G6VR-W8WF Sentencepiece has a heap overflow issue
Invalid memory access in Sentencepiece versions less than 0.2.1 when using a vulnerable model file, which is not created in the normal training procedure...
CVE-2025-14127
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-14127
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13847
The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-14127 Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2025-13847 PhotoFade <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-13847
CVE-2025-13847 — PhotoFade (WordPress) Vulnerability type: Stored XSS in the PhotoFade WordPress plugin via the time parameter. Affected versions: all versions up to and including 0.2.1. Root cause: Insufficient input sanitization and output escaping in the time parameter. Impact: Authenticated a...
WordPress plugin Testimonial Master Cross-Site Scripting Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scriptin...
PT-2026-1608
Name of the Vulnerable Software and Affected Versions: PhotoFade plugin for WordPress versions up to and including 0.2.1. Description: The PhotoFade plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the tim...
CVE-2025-62114 WordPress Download Media Library plugin <= 0.2.1 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in marcelotorres Download Media Library download-media-library allows Retrieve Embedded Sensitive Data. This issue affects Download Media Library: from n/a through <= 0.2.1...