
14 matches found

Vulnrichment
added 2026/05/08 2:40 p.m., 6 views

CVE-2026-41574 Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trusts...

CVSS 9.3, AI score 5.7, EPSS 0.00019
Exploits 1, References 4
Snyk
added 2026/02/12 8:56 p.m., 2 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the columns output mode, which renders string fields from eBPF events to the terminal without sanitizing control characters or ANSI escape sequences. An attacker can manipulate terminal behavior or display by...

CVSS 9.8, AI score 5.6, EPSS 0.00029
Exploits 1, References 2
RedhatCVE
added 2025/12/06 6:44 p.m., 2 views

CVE-2025-66623

A flaw was found in Strimzi. This vulnerability allows unauthorized GET access to all Kubernetes (K8s) Secrets that exist in the given Kubernetes namespace via incorrect Kubernetes Role creation. Mitigation: Mitigation for this issue is either not available or the currently available options...

CVSS 7.4, AI score 5.8, EPSS 0.00023
Exploits 0, References 5
CVE
added 2025/12/05 6:31 p.m., 13 views

CVE-2025-66623

Strimzi (Kafka on Kubernetes/OpenShift) has a vulnerability in versions 0.47.0–0.49.0 where an incorrect Kubernetes Role allows GET access to all Secrets in the target namespace for Kafka Connect and MirrorMaker 2 operands. The issue is fixed in Strimzi 0.49.1. Impact is restricted to unauthorize...

CVSS 7.4, AI score 6.4, EPSS 0.00023
Exploits 0, References 2, Affected Software 1
CNNVD
added 2025/12/05 12:00 a.m., 2 views

Strimzi security vulnerability

Strimzi is a program from the Strimzi open source that allows running Apache Kafka clusters on Kubernetes in various deployment configurations. A security vulnerability exists in Strimzi versions 0.47.0 through prior to 0.49.1, which stems from the creation of incorrect Kubernetes roles and could...

CVSS 7.4, AI score 6.3, EPSS 0.00023
Exploits 0, References 3
OPENSUSE Linux
added 2025/11/02 12:00 a.m., 3 views

python311-starlette-0.49.1-1.1 on GA media (moderate)

python311-starlette-0.49.1-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15696-1. Rating: moderate. Cross-References: CVE-2025-62727. CVSS scores: CVE-2025-62727 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2025-62727 SUSE: 8.2...

CVSS 8.2, AI score 7.2, EPSS 0.00068
Exploits 0
SUSE CVE
added 2025/10/30 12:23 a.m., 1 view

SUSE CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

CVSS 7.5, AI score 5.6, EPSS 0.00068
Exploits 0, References 3
RedhatCVE
added 2025/10/28 9:50 p.m., 3 views

CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

CVSS 7.5, AI score 6.2, EPSS 0.00068
Exploits 0, References 5
NVD
added 2025/10/28 9:15 p.m., 1 view

CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

CVSS 7.5, EPSS 0.00068
Exploits 0, References 4
OSV
added 2025/10/28 9:15 p.m., 0 views

UBUNTU-CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

CVSS 7.5, AI score 6.8, EPSS 0.00068
Exploits 0, References 4
CVE
added 2025/10/28 8:14 p.m., 40 views

CVE-2025-62727

CVE-2025-62727 (Starlette): Affects Starlette before version 0.49.1, where an unauthenticated attacker can send a crafted HTTP Range header triggering quadratic-time processing in FileResponse Range parsing/merging, causing CPU exhaustion and denial of service on file-serving endpoints. A fix is...

CVSS 7.5, AI score 6.1, EPSS 0.00068
Exploits 0, References 4
Debian CVE
added 2025/10/28 8:14 p.m., 4 views

CVE-2025-62727

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

CVSS 7.5, AI score 6.1, EPSS 0.00068
Exploits 0
Vulnrichment
added 2025/10/28 8:14 p.m., 9 views

CVE-2025-62727 Starlette vulnerable to O(n^2) DoS via Range header merging in starlette.responses.FileResponse

Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1, an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion...

CVSS 7.5, AI score 6.1, EPSS 0.00068
Exploits 0, References 4
OSV
added 2024/07/12 12:00 a.m., 15 views

OPENSUSE-SU-2024:14121-1 cadvisor-0.49.1-1.1 on GA media

These are all security issues fixed in the cadvisor-0.49.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 7.7, EPSS 0.00098
Exploits 0, References 1