
882 matches found

RedHat Linux
added 2026/05/14 6:53 a.m., 12 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1: The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS | 6.8 AI score | 0.00524 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2026/05/14 6:50 a.m., 10 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1: The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS | 6.9 AI score | 0.00789 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2026/05/14 6:44 a.m., 17 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1: The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS | 6.8 AI score | 0.00524 EPSS
Exploits: 0 | References: 3
RedHat Linux
added 2026/05/14 6:38 a.m., 13 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1: The Zero Trust Workload Identity Manager (ZTWIM) is a day-2 operator. The operator manages the lifecycle of operand components from the SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9 CVSS | 6.8 AI score | 0.00524 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/05/11 6:6 p.m., 7 views

CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS

Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...

8.7 CVSS | 5.9 AI score | 0.00431 EPSS
Exploits: 0 | References: 3
Qualys Blog
added 2026/05/06 4:0 p.m., 5 views

Before the Breach, There Was a Test Environment

Key Takeaways: Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...

6 AI score
Exploits: 0
OSV
added 2026/05/05 7:33 p.m., 1 views

GHSA-WG65-39GG-5WFJ Prometheus Azure AD remote write OAuth client secret exposed via config API

Impact: Users who use Azure AD remote write with OAuth authentication are impacted. The client_secret field in the Azure AD remote write OAuth configuration (storage/remote/azuread) was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving the configuration via the...

7.5 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits: 0 | References: 7
CVE
added 2026/05/01 3:56 p.m., 9 views

CVE-2026-22165

CVE-2026-22165 involves a flaw in a GPU DDK where a web page serving unusual WebGPU content loaded into the GPU GLES render process can trigger a write UAF in the GPU GLES user-space shared library. The root cause is described as UAF reads of GLES3Context::psDrawParams and GLES3Context::psMode an...

8.1 CVSS | 5.8 AI score | 0.00346 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Amazon
added 2026/04/30 12:0 a.m., 13 views

Important: containerd

Issue Overview: Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8 CVSS | 7.1 AI score | 0.00536 EPSS
Exploits: 0
NVD
added 2026/04/28 2:16 p.m., 4 views

CVE-2026-5944

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 0.00533 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/04/28 1:6 p.m., 27 views

CVE-2026-5944 Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 0.00533 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/28 1:6 p.m., 0 views

CVE-2026-5944 Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 5.3 AI score | 0.00533 EPSS
Exploits: 0 | References: 3
ATTACKERKB
added 2026/04/28 1:6 p.m., 5 views

CVE-2026-5944

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 5.3 AI score | 0.00533 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Packet Storm News
added 2026/04/28 12:0 a.m., 2 views

Towards Agentic Investigation of Security Alerts

Security analysts are overwhelmed by the volume of alerts and the low context provided by many detection systems. Early-stage investigations typically require manual correlation across multiple log sources, a task that is usually time-consuming. In this paper, we present an experimental, agentic...

5.8 AI score
Exploits: 0
Positive Technologies
added 2026/04/28 12:0 a.m., 2 views

PT-2026-35723

An improper access control vulnerability exists in the Cisco Intersight Device Connector for Nutanix Prism Central. The service exposes an API passthrough endpoint on TCP port 7373 that is accessible within the network scope of the deployment environment without authentication. An unauthenticated...

8.8 CVSS | 5.3 AI score | 0.00533 EPSS
Exploits: 0 | References: 4
Veracode
added 2026/04/18 5:37 a.m., 5 views

Security Misconfiguration

Apache Airflow is vulnerable to security misconfiguration. The vulnerability is due to insufficiently clear documentation of the security model, workload isolation, and JWT authentication behavior, which may lead deployment managers to make incorrect assumptions and configure insecure environment...

7.5 CVSS | 5.8 AI score | 0.00439 EPSS
Exploits: 0 | References: 4 | Affected Software: 2
Snyk
added 2026/04/16 3:31 p.m., 1 views

Insertion of Sensitive Information into Log File

Overview: Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to JWT tokens being embedded inside the workload object in task logs. An attacker can gain unauthorized access to sensitive information by viewing log files containing JWT tokens. This...

7.5 CVSS | 5.7 AI score | 0.00739 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/16 1:22 a.m., 2 views

CVE-2025-66236

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

7.5 CVSS | 5.8 AI score | 0.00439 EPSS
Exploits: 0 | References: 1
OSV
added 2026/04/16 1:1 a.m., 8 views

CLEANSTART-2026-UQ68343 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the kyverno-policy-reporter-kyverno-plugin-fips package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerabili...

9.8 CVSS | 7.1 AI score | 0.00789 EPSS
Exploits: 6 | References: 41
OSV
added 2026/04/16 12:52 a.m., 9 views

CLEANSTART-2026-RR42740 During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions

Multiple security vulnerabilities affect the gpu-operator package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details...

9.8 CVSS | 6.8 AI score | 0.00804 EPSS
Exploits: 0 | References: 17