EUVD-2026-10939
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...
Istio security vulnerability
Istio is an open-source platform that connects, manages, and protects microservices. There are security vulnerabilities in versions of Istio prior to 1.29.1, 1.28.5, and 1.27.8. These vulnerabilities stem from defects in the Envoy RBAC header matching mechanism, which may allow authorization...
Temporal-durable security vulnerability
Temporal is a persistent execution platform open-sourced by temporal.io. A security vulnerability exists in Temporal-durable 1.29.1 and earlier versions, which stems from improper authorization of cross-namespace commands and could lead to unauthorized creation of workflows...
CVE-2025-59037 DuckDB NPM packages 1.3.3 and 1.29.2 briefly compromised with malware
DuckDB is an analytical in-process SQL database management system. On 08 September 2025, the DuckDB distribution for Node.js on npm was compromised with malware along with several other packages. An attacker published new versions of four of DuckDB's packages that included malicious code to...
nginx-1.29.1-1.1 on GA media (moderate)
nginx-1.29.1-1.1 on GA media. Announcement ID: openSUSE-SU-2025:15450-1; Rating: moderate; Cross-References: CVE-2025-53859; CVSS scores: CVE-2025-53859 SUSE: 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N; CVE-2025-53859 SUSE: 6.3...
Bruno security vulnerability
Bruno is an open-source IDE from usebruno for exploring and testing APIs. A security vulnerability exists in Bruno version 1.29.1, which stems from Bruno's use of Electron shell.openExternal to open windows in the Markdown document viewer with no authentication...
WordPress Forminator Plugin <= 1.29.1 is vulnerable to Sensitive Data Exposure
Software: Forminator; Type: Plugin; Vulnerable versions: <= 1.29.1; Fixed in: 1.29.2; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2024-7389; Patch priority: Low; CVSS severity: Low 5.8; Developer: WPMU DEV; PSID: d0a947757282; Credits: Sean Murphy; Required privilege...
Envoy Code Issue Vulnerability
Envoy is an open source distributed proxy server. A code issue vulnerability exists in Envoy versions prior to 1.29.1 that stems from a denial of service when the command type is LOCAL...
Envoy Resource Management Error Vulnerability
Envoy is an open source distributed proxy server. A resource management error vulnerability exists in Envoy versions prior to 1.29.1, which results from a denial of service when configuring the URI template matcher using regular expressions...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read such that parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. Remediation Upgrade...
Google Protobuf Go Module 1.29 < 1.29.1 DoS
The version of the Google Protobuf module for Go is affected by a denial of service (DoS) vulnerability. Parsing invalid messages containing a minus sign or whitespace can lead to a denial of service. Note that Nessus has not tested for these issues but has instead relied only on the application's...
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Impact Even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider by providing its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the...
GHSA-M7GV-V8XX-V47W XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Impact Even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third party provider by providing its details through request parameters. One can then bypass the XWiki authentication altogether by specifying its own provider through the...
PT-2022-24946 · Xwiki · Xwiki Oidc
Name of the Vulnerable Software and Affected Versions: XWiki OIDC versions prior to 1.29.1 Description: The issue allows an attacker to bypass XWiki authentication by specifying their own OpenID provider through request parameters, such as oidc.endpoint., or by using an XWiki-based OpenID provide...
CVE-2022-39387 XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication
XWiki OIDC has various tools to manipulate the OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to provide a third-party provider by supplying its details through request parameters. One can then bypass the XWi...
Security update for netdata (moderate)
openSUSE Security Update: Security update for netdata. Announcement ID: openSUSE-SU-2021:0730-1; Rating: moderate; References: 1139094 1139095 1139098; Cross-References: CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839; CVSS scores: CVE-2018-18836 NVD: 6.5...
CloudBees Jenkins GitHub Plugin Information Disclosure Vulnerability (CNVD-2018-12811)
CloudBees Jenkins is a set of Java-based continuous integration tools from the US company CloudBees. It is mainly used to monitor continuous software release/testing projects and the execution of scheduled tasks. GitHub Plugin is used in one of the...