355 matches found
PT-2026-45066
Summary Type: Vertical privilege escalation. The PATCH /workspaces/workspace id/members/user id endpoint is gated by require workspace memberworkspace id, which defaults to min role="member" and is never overridden by the route. The handler then calls MemberService.update roleworkspace id, user i...
PT-2026-44332
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs(). drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions using plain integer division: unsigned int width = mode_cmd->width / (i ? info->hsu...
Net::Statsd::Lite injection vulnerability
Net::Statsd::Lite is a lightweight StatsD client developed by Robert Rothenberg, which supports multiple metric data packets. Versions of Net::Statsd::Lite prior to 0.9.0 have an injection vulnerability. This vulnerability arises from the lack of checks for line breaks, colons, or vertical bars in...
Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fixed strbuf array overflow issue. The values of the variables xres and yres are stored in strbuf. These variables are derived from strbuf1. The strbuf1 array contains digit characters; if the array contains non-dig...
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer
Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence (a tab, a vertical tab, and a newline: \x09\x0b\n), an unauthenticated attacker can trigger an infinite recursion loop during...
CVE-2026-32281 vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, ctop, nats-top, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, db-operator, promxy, nri-mysql, omnibump, openbao, spark-operator, custom-pod-autoscaler-operator, x509-certificate-exporter, conjur-cli, docker-machine-driver-harvester,...
CLEANSTART-2026-MQ21261 Security fixes for CVE-2025-47911, CVE-2025-58190, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142 applied in versions: 1.5.1-r0, 1.5.1-r1, 1.5.1-r2, 1.5.1-r3
Multiple security vulnerabilities affect the vertical-pod-autoscaler package. These issues are resolved in later releases. See references for individual vulnerability details...
OPENSUSE-SU-2026:20409-1 Security update for harfbuzz
This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: wolfictl, sops, kube-vip, chezmoi, bento, crossplane-provider-aws-lambda, descheduler, cert-manager-webhook-pdns, zot, crossplane-provider-aws-memorydb, crossplane-provider-aws-route53, crossplane-provider-aws-dynamodb, crossplane-provider-aws-elasticache,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: wolfictl, sops, kube-vip, chezmoi, bento, crossplane-provider-aws-lambda, descheduler, cert-manager-webhook-pdns, zot, crossplane-provider-aws-memorydb, crossplane-provider-aws-route53, crossplane-provider-aws-dynamodb, crossplane-provider-aws-elasticache,...
GHSA-8FJ7-8H3W-XWFM vulnerabilities
Vulnerabilities for packages: wolfictl, kubo-fips, sops, crossplane-provider-aws-lambda-fips, kube-vip, chezmoi, bento, crossplane-provider-aws-lambda, ollama-fips, seaweedfs-operator, descheduler, cert-manager-webhook-pdns, peerdb-flow, zot, omni, terraform-provider-aws-fips,...
CVE-2026-27141 vulnerabilities
Vulnerabilities for packages: wolfictl, kubo-fips, sops, crossplane-provider-aws-lambda-fips, kube-vip, chezmoi, bento, crossplane-provider-aws-lambda, ollama-fips, seaweedfs-operator, descheduler, cert-manager-webhook-pdns, peerdb-flow, zot, omni, terraform-provider-aws-fips,...
GHSA-H355-32PF-P2XM vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, ctop, nats-top, hydra, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, spark-operator, custom-pod-autoscaler-operator, x509-certificate-exporter, docker-machine-driver-harvester,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, ctop, nats-top, hydra, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, spark-operator, custom-pod-autoscaler-operator, x509-certificate-exporter, docker-machine-driver-harvester,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gitlab-kas, mailpit, ctop, nats-top, hydra, kubernetes-dashboard-metrics-scraper, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, spark-operator, custom-pod-autoscaler-operator, x509-certificate-exporter, docker-machine-driver-harvester,...
CVE-2025-61732 vulnerabilities
Vulnerabilities for packages: gitlab-kas, jaeger-operator-fips, ctop, mailpit, minio-fips, hydra, boring-registry-fips, kubernetes-dashboard-metrics-scraper, nats-top, flannel-fips, vault-k8s-fips, k8s-agents-operator, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, ko-fips,...
CVE-2025-68121 vulnerabilities
Vulnerabilities for packages: gitlab-kas, jaeger-operator-fips, ctop, mailpit, minio-fips, hydra, boring-registry-fips, kubernetes-dashboard-metrics-scraper, nats-top, flannel-fips, vault-k8s-fips, k8s-agents-operator, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, ko-fips,...
GHSA-8JVR-VH7G-F8GX vulnerabilities
Vulnerabilities for packages: gitlab-kas, jaeger-operator-fips, ctop, mailpit, minio-fips, hydra, boring-registry-fips, kubernetes-dashboard-metrics-scraper, nats-top, flannel-fips, vault-k8s-fips, k8s-agents-operator, cert-exporter, mods, db-operator, promxy, nri-mysql, openbao, ko-fips,...
CLEANSTART-2026-UM63521 Within HostnameError
Multiple security vulnerabilities affect the vertical-pod-autoscaler-fips package. Within HostnameError. See references for individual vulnerability details...
CVE-2025-23856
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Odyno Simple Vertical Timeline (simple-vertical-timeline) allows DOM-Based XSS. This issue affects Simple Vertical Timeline: from n/a through = 0.1...