10 matches found
CVE-2025-58190 affecting package cert-manager for versions less than 1.11.2-27
CVE-2025-58190 affecting package cert-manager for versions less than 1.11.2-27. A patched version of the package is available...
EUVD-2026-5633
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check call...
CVE-2026-24851 OpenFGA Improper Policy Enforcement
OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check call...
GHSA-JQ9F-GM9W-RWM9 OpenFGA Improper Policy Enforcement
Impact: OpenFGA v1.8.5 to v1.11.2 (openfga-0.2.22 <= Helm chart <= openfga-0.2.51, v.1.8.5 <= docker <= v.1.11.2) are vulnerable to improper policy enforcement when certain Check calls are executed. Affected Users: Users are affected by this vulnerability if all of the following preconditions are met: -...
CVE-2026-24414 Icinga for Windows certificate can have too-open permissions
The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the Icinga for Windows certificate directory grant every user read access, which results in...
WordPress URL Shortify plugin <= 1.11.2 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Nguyễn Đức Toàn in WordPress Plugin URL Shortify versions <= 1.11.2...
PT-2025-53274
Name of the Vulnerable Software and Affected Versions: Gora Tech Cooked versions through 1.11.2. Description: An authorization issue exists in Gora Tech Cooked, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update Gora Tech Cooked to a version...
CVE-2025-58180 OctoPrint is Vulnerable to RCE Attacks via Unsanitized Filename in File Upload
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...
Ingress NGINX Controller security vulnerability
Ingress NGINX Controller is an open source ingress controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller versions prior to 1.11.2: a participant with permission to create Ingress objects can bypass annotation validation to inject arbitrary...
HashiCorp Consul resource management error vulnerability
HashiCorp Consul is a suite of distributed, highly available data center-aware solutions from HashiCorp USA. The product is used to connect and provision applications across a dynamically distributed infrastructure. A resource management error vulnerability exists in HashiCorp Consul and Consul...