359 matches found
PYSEC-2026-481 praisonai-platform: Any workspace member can promote themselves or others to owner via PATCH /workspaces/{id}/members/{user_id}
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspaceid/members/userid endpoint is gated by requireworkspacememberworkspaceid, which defaults to minrole="member" and is never overridden by the route. The handler then calls MemberService.updateroleworkspaceid, userid,...
CVE-2026-55069 Kestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force Attack
Kestra is an open-source, event-driven orchestration platform. Prior to 1.3.24, this vulnerability exists in the BasicAuth authentication component of the Kestra OSS workflow orchestration platform. An attacker who gains read access to the PostgreSQL database can exploit SHA-512's high computatio...
PT-2026-45066
Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description A vertical privilege escalation exists where a user with the lowest privilege level can promote themselves to a workspace owner. The issue occurs because the PATCH...
PT-2026-44332
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An inconsistency exists in the calculation of sub-sampled plane dimensions within the drm gem fb init with funcs function. While the framebuffer check function uses DIV ROUND UP to round up...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fixed strbuf array overflow issue. The values of the variables xres and yres are stored in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters, and a space if the array...
Net::Statsd::Lite 注入漏洞
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have a injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service DoS vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab, and a newline \x09\x0b\n—an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: trivy-operator, logstash-exporter, eksctl, kuberlr, opensearch-k8s-operator, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, nri-postgresql, docker-cli, grafana-rollout-operator, chart-testing, cert-manager-cmctl, s5cmd, gatekeeper,...
CLEANSTART-2026-MQ21261 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2, 1.5.1-r3
Multiple security vulnerabilities affect the vertical-pod-autoscaler package. These issues are resolved in later releases. See references for individual vulnerability details...
OPENSUSE-SU-2026:20409-1 Security update for harfbuzz
This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: flux-operator, trivy-operator, crossplane-provider-aws-elasticache, grafana-alloy, apko, flux-kustomize-controller, crossplane-provider-aws-sns, kube-rbac-proxy, cloud-sql-proxy, crossplane-provider-aws-cloudfront, gitlab-pages, kube-vip, opa, descheduler, sops, zot,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: flux-operator, trivy-operator, crossplane-provider-aws-elasticache, grafana-alloy, apko, flux-kustomize-controller, crossplane-provider-aws-sns, kube-rbac-proxy, cloud-sql-proxy, crossplane-provider-aws-cloudfront, gitlab-pages, kube-vip, opa, descheduler, sops, zot,...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, kubo-fips, cg, telegraf, flux-operator-fips, external-dns, cloud-sql-proxy-fips, kyverno-policy-reporter-fips, crossplane-provider-aws-iam, apko, crossplane-provider-aws-backup, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-lambd...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, kubo-fips, cg, telegraf, flux-operator-fips, external-dns, cloud-sql-proxy-fips, kyverno-policy-reporter-fips, crossplane-provider-aws-iam, apko, crossplane-provider-aws-backup, crossplane-provider-aws-cloudwatchlogs, crossplane-provider-aws-lambd...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: prometheus-alertmanager, gomplate, logstash-exporter, src-fingerprint, kuberlr, opensearch-k8s-operator, gops, grafana-alloy, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, octo-sts, flux-kustomize-controller, terraform-provider-googl...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: prometheus-alertmanager, gomplate, logstash-exporter, src-fingerprint, kuberlr, opensearch-k8s-operator, grafana-alloy, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, octo-sts, flux-kustomize-controller, terraform-provider-google,...
GHSA-H355-32PF-P2XM vulnerabilities
Vulnerabilities for packages: prometheus-alertmanager, gomplate, logstash-exporter, src-fingerprint, kuberlr, opensearch-k8s-operator, grafana-alloy, aws-s3-controller, portieris, sriov-network-device-plugin, vt-cli, supercronic, octo-sts, flux-kustomize-controller, terraform-provider-google,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: velero-plugin-for-csi-fips, otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, velero-plugin-for-gcp, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, hivemind, kubernetes-csi-livenessprobe, kube-conformance, spark-operator,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, kubernetes-csi-livenessprobe, spark-operator, kube-conformance, chartmuseum, kiali, kyverno-policy-reporter-fips, mcp-grafan...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: velero-plugin-for-csi-fips, otel-cli, kubernetes-dashboard-metrics-scraper, nri-mssql, velero-plugin-for-gcp, aws-ebs-csi-driver, crossplane-provider-kubernetes-fips, kubo-fips, langfuse, nfpm, hivemind, kubernetes-csi-livenessprobe, kube-conformance, spark-operator,...