357 matches found
PT-2026-45066
Summary Type: Vertical privilege escalation. The PATCH /workspaces/{workspace_id}/members/{user_id} endpoint is gated by require_workspace_member(workspace_id), which defaults to min_role="member" and is never overridden by the route. The handler then calls MemberService.update_role(workspace_id, user_i...
PT-2026-44332
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An inconsistency exists in the calculation of sub-sampled plane dimensions within the drm_gem_fb_init_with_funcs function. While the framebuffer_check function uses DIV_ROUND_UP to round up...
Net::Statsd::Lite injection vulnerability
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have an injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...
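What the missing check lets through, as an added example that is not Net::Statsd::Lite's code (the module itself is Perl). The wire format assumed here is the standard StatsD line "name:value|type[|@rate]", one metric per line; the builder and parser names, the constructed hostile metric name, and the parser's behaviour on malformed lines are this example's own assumptions, and the server-side parser is included only to show what an injected name turns into.

```python
# Added example (not Net::Statsd::Lite's code): a StatsD client that does not
# validate metric names lets attacker-controlled name text inject extra
# metrics; the checked builder rejects the three delimiter characters.
import re

METRIC_TYPES = {"c", "g", "ms", "s", "h"}
DELIMITERS = re.compile(r"[\n:|]")  # newline, colon, vertical bar


def build_metric_unchecked(name, value, metric_type, sample_rate=None):
    """Vulnerable: concatenates whatever name it is given."""
    packet = f"{name}:{value}|{metric_type}"
    if sample_rate is not None:
        packet += f"|@{sample_rate}"
    return packet


def build_metric_checked(name, value, metric_type, sample_rate=None):
    """Hardened: refuse names carrying any StatsD delimiter or an unknown type."""
    if not name or DELIMITERS.search(name):
        raise ValueError(f"metric name contains a StatsD delimiter: {name!r}")
    if metric_type not in METRIC_TYPES:
        raise ValueError(f"unknown metric type: {metric_type!r}")
    return build_metric_unchecked(name, value, metric_type, sample_rate)


def parse_packet(packet):
    """Split a packet the way a StatsD server does: one metric per line,
    the name before ':', then '|'-separated value, type and optional @rate.
    Lines without a value and type are dropped (assumed server behaviour)."""
    metrics = []
    for line in packet.split("\n"):
        if not line:
            continue
        name, _, rest = line.partition(":")
        fields = rest.split("|")
        if len(fields) < 2:
            continue
        metric = {"name": name, "value": fields[0], "type": fields[1]}
        if len(fields) > 2 and fields[2].startswith("@"):
            metric["rate"] = fields[2][1:]
        metrics.append(metric)
    return metrics


# Constructed input: a metric name copied from an untrusted request field.
# The forged metric comes first; the client's own ":1|c" suffix completes
# the attacker's trailing "orders.total" into a normal-looking second line.
HOSTILE_NAME = "admin.login_failures:0|g\norders.total"


def demo_injection():
    """Return what the server sees from the unchecked client: two metrics,
    the first of which the caller forged."""
    return parse_packet(build_metric_unchecked(HOSTILE_NAME, 1, "c"))


if __name__ == "__main__":
    for m in demo_injection():
        print(m)
    try:
        build_metric_checked(HOSTILE_NAME, 1, "c")
    except ValueError as e:
        print("checked builder rejected:", e)
```

The injected gauge (a zeroed admin.login_failures) is exactly the kind of metric a monitoring rule might alert on, so a name-validation bug in a metrics client is a detection-evasion primitive, not just a data-quality issue. Reject the delimiters rather than escaping them: StatsD has no escape syntax, so there is no safe encoding of a colon or pipe inside a name.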
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: minio-operator, flux-image-reflector-controller, db-operator, aws-efs-csi-driver, k8ssandra-client, custom-pod-autoscaler-operator, prometheus-adapter, newrelic-infra-operator, rancher-agent, nri-f5, flux-image-automation-controller, runc, grafana-pyroscope, kargo,...
CLEANSTART-2026-MQ21261 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2, 1.5.1-r3
Multiple security vulnerabilities affect the vertical-pod-autoscaler package. These issues are resolved in later releases. See references for individual vulnerability details...
OPENSUSE-SU-2026:20409-1 Security update for harfbuzz
This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-route53, kube-rbac-proxy, crossplane-provider-aws-sqs, crossplane-provider-aws-cloudfront, terraform-provider-acme, emissary, src, trivy, caddy, crossplane-provider-aws-cloudwatchlogs, polaris, crossplane-provider-aws-iam, cloud-sql-proxy,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: crossplane-provider-aws-route53, kube-rbac-proxy, crossplane-provider-aws-sqs, crossplane-provider-aws-cloudfront, terraform-provider-acme, emissary, src, trivy, caddy, crossplane-provider-aws-cloudwatchlogs, polaris, crossplane-provider-aws-iam, cloud-sql-proxy,...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: azure-service-operator-fips, crossplane-provider-aws-efs-fips, apm-server-fips, opentelemetry-collector-contrib-fips, tekton-pipelines-fips, gitlab-cng, ollama-fips, crossplane-provider-aws-sqs-fips, crossplane-provider-aws-efs, bento-fips, apm-server,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: azure-service-operator-fips, crossplane-provider-aws-efs-fips, apm-server-fips, opentelemetry-collector-contrib-fips, tekton-pipelines-fips, gitlab-cng, ollama-fips, crossplane-provider-aws-sqs-fips, crossplane-provider-aws-efs, bento-fips, apm-server,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: minio-operator, crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, azcopy, aws-efs-csi-driver, kuma, k8ssandra-client, k6, thanos, terraform-provider-google, custom-pod-autoscaler-operator, prometheus-adapter, newrelic-infra-operator,...
GHSA-H355-32PF-P2XM vulnerabilities
Vulnerabilities for packages: minio-operator, crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, azcopy, aws-efs-csi-driver, kuma, k8ssandra-client, k6, thanos, terraform-provider-google, custom-pod-autoscaler-operator, prometheus-adapter, newrelic-infra-operator,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: minio-operator, crossplane-provider-aws-route53, flux-image-reflector-controller, db-operator, azcopy, aws-efs-csi-driver, trust-manager, kuma, k8ssandra-client, k6, thanos, terraform-provider-google, custom-pod-autoscaler-operator, prometheus-adapter,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: ko, chaos-mesh, logstash-exporter, node-feature-discovery, rancher-agent, sftpgo-plugin-kms, apm-server-fips, openbao-k8s, prometheus-adapter, tekton-pipelines-fips, aws-efs-csi-driver-fips, nrdot-collector-k8s-fips, fluxcd-kustomize-mutating-webhook-fips,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: ko, chaos-mesh, logstash-exporter, node-feature-discovery, rancher-agent, sftpgo-plugin-kms, apm-server-fips, openbao-k8s, prometheus-adapter, tekton-pipelines-fips, aws-efs-csi-driver-fips, nrdot-collector-k8s-fips, fluxcd-kustomize-mutating-webhook-fips,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: ko, chaos-mesh, logstash-exporter, node-feature-discovery, rancher-agent, sftpgo-plugin-kms, apm-server-fips, openbao-k8s, prometheus-adapter, tekton-pipelines-fips, aws-efs-csi-driver-fips, nrdot-collector-k8s-fips, fluxcd-kustomize-mutating-webhook-fips,...
CLEANSTART-2026-UM63521 Within HostnameError
Multiple security vulnerabilities affect the vertical-pod-autoscaler-fips package. Within HostnameError. See references for individual vulnerability details...
CVE-2025-23856
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Odyno Simple Vertical Timeline (simple-vertical-timeline) allows DOM-Based XSS. This issue affects Simple Vertical Timeline: from n/a through <= 0.1...
CVE-2017-18826
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15,...