53 matches found
CLEANSTART-2026-GN78570 Security fixes for CVE-2025-11579, CVE-2026-1229, CVE-2026-21726, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32281, CVE-2026-32282, CVE-2026-33186, CVE-2026-33762, CVE-2026-33810, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, CVE-2026-39883, CVE-2026-41506, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-jhf3-xxhw-2wpp, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-x6gf-mpr2-68h6, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.12.1-r2, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2, 1.16.0-r0
Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-SA98061 Security fixes for CVE-2026-33186, CVE-2026-34986, ghsa-6v2p-p943-phr9, ghsa-78h2-9frx-2jm8, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0, 1.19.1-r0
Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7), cn.sliew:flinkful-sql-catalog (>=1.0.3 <=1.0.7) +102 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=1.15.0 <=1.20.3)
org.apache.flink:flink-table-planner_2.12 MAVEN version =1.15.0, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =1.0, =0.1, =0.6.1, =0.6.1, =1.17-2.5.2, =2.5.1-flink-1.17 and more Source cves: CVE-2026-35194 Source advisory: OSV:GHSA-2F54-V4HM-FX73...
cn.sliew:flinkful-cli-descriptor-examples (>=1.0.2 <=1.0.7), cn.sliew:flinkful-sql-catalog (>=1.0.3 <=1.0.7) +102 more potentially affected by CVE-2026-35194 via org.apache.flink:flink-table-planner_2.12 (>=1.15.0 <=1.20.3)
org.apache.flink:flink-table-planner_2.12 MAVEN version =1.15.0, =1.0.2, =1.0.3, =1.0.0, =1.0.2, =1.0, =0.1, =0.6.1, =0.6.1, =1.17-2.5.2, =2.5.1-flink-1.17 and more Source cves: CVE-2026-35194 Source advisory: SNYK:JAVA-ORGAPACHEFLINK-16799799...
Security Bulletin: Axios NO_PROXY Bypass via Improper Hostname Normalization Leads to SSRF
Summary: Axios is a promise-based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or the ::1 IPv6 literal skip NO_PROXY matching an...
UBUNTU-CVE-2026-39883
OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This...
PT-2026-31450
Name of the Vulnerable Software and Affected Versions: OpenTelemetry-Go versions 1.15.0 through 1.42.0 Description: The fix for a previous issue changed the path used for one command but left another command vulnerable to a PATH hijacking attack on BSD and Solaris platforms. Specifically, the kenv...
CLEANSTART-2026-PI36812 Security fixes for CVE-2026-33186, ghsa-6v2p-p943-phr9, ghsa-c6gw-w398-hv78, ghsa-f6x5-jh6r-wrfv, ghsa-hcg3-p754-cr77, ghsa-j5w8-q4qc-rx2x, ghsa-qxp5-gw88-xv66, ghsa-v778-237x-gjrc, ghsa-vvgc-356p-c3xw applied in versions: 1.15.0-r1, 1.19.0-r0
Multiple security vulnerabilities affect the rabbitmq-messaging-topology-operator package. These issues are resolved in later releases. See references for individual vulnerability details...
Twenty CRM Security Vulnerability
Twenty CRM is an open-source customer relationship management system developed by Twenty. Versions of Twenty CRM 1.15.0 and earlier contain security vulnerabilities. These vulnerabilities stem from defects in the local.driver.ts module, which may allow remote attackers to execute arbitrary code...
@klardaten/n8n-nodes-datevconnect (>=1.0.1 <=1.0.2), @n8n/ai-workflow-builder (>=0.2.0 <=0.28.0) +15 more potentially affected by CVE-2025-65964 via @n8n/config (>=1.15.0 <=1.60.0)
@n8n/config NPM version =1.15.0, =1.0.1, =0.2.0, =1.3.0, =0.23.8, =1.51.0, =1.65.0, =1.65.0, =1.0.1, =0.3.3, =0.1.3, =0.2.0, =0.2.0, =0.1.0, =0.1.1 - n8n-nodes-tiny-request =0.1.0 and more Source cves: CVE-2025-65964 Source advisory: SNYK:JS-N8NCONFIG-14222433...
Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2025-302-02)
The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.15.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-302-02 advisory. New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted...
SUSE CVE-2025-32793
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2 are vulnerable: when using WireGuard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...
PT-2024-35709 · Unknown · Home-Gallery.Org
Name of the Vulnerable Software and Affected Versions: Home-Gallery.org versions 1.15.0 and earlier Description: Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. An open CORS policy in app.js may allow an attacker to view the images of home-gallery...
PT-2024-32836 · Cilium +1 · Cilium +1
Name of the Vulnerable Software and Affected Versions: Cilium versions 1.14.0 through 1.14.15; Cilium versions 1.15.0 through 1.15.9. Description: A policy rule denying a prefix that is broader than /32 may be ignored if there is a policy rule referencing a more narrow prefix CIDRSet or toFQDN and...
Open Neural Network Exchange Path Traversal Vulnerability
Open Neural Network Exchange (ONNX) is an open ecosystem that enables AI developers to choose the right tools as their projects evolve. A security vulnerability exists in Open Neural Network Exchange versions 1.15.0 and earlier, which stems from a field in the external_data tensor prototype that may...
cifar-10-model (=7.4.0), gamornet-cpu (>=0.2.3 <=0.4.3) +8 more potentially affected by CVE-2023-25667 via tensorflow-cpu (>=1.15.0 <=2.11.0)
tensorflow-cpu PYPI version =1.15.0, =0.2.3, =0.0.5, =1.0.0, =1.8.2, =0.1.3, =0.3.0.dev221212, =0.7.0, =0.7.5 Source cves: CVE-2023-25667 Source advisory: OSV:GHSA-FQM2-GH8W-GR68...
SUSE CVE-2020-8551
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on...
PT-2022-26933 · Shirasagi · Shirasagi
Name of the Vulnerable Software and Affected Versions: SHIRASAGI versions 1.14.4 through 1.15.0 Description: The issue allows a remote unauthenticated attacker to redirect users to an arbitrary web site, potentially conducting a phishing attack. Recommendations: For SHIRASAGI versions 1.14.4...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41901 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41901 Source advisory: OSV:GHSA-G9FM-R5MM-RF9F...
a62-emotion (>=0.10.12 <=0.11.4), aiproteomics (=0.2.1) +98 more potentially affected by CVE-2022-41896 via tensorflow-cpu (>=1.15.0 <=2.7.4)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.0.1, =0.3.3 and more Source cves: CVE-2022-41896 Source advisory: OSV:GHSA-RMG2-F698-WQ35...